Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1494715
MD5:8814875dee846a623f322b36dc7bbc62
SHA1:d1eca26e190096a2d289333e17a914474ad9bea5
SHA256:660f2bc8579f642b117f4f9e4eefead53eba338e5da6791cf69bbeca0259a1fc
Tags:exe
Infos:

Detection

Babadeda
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
Yara detected Babadeda
AI detected suspicious sample
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 3868 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8814875DEE846A623F322B36DC7BBC62)
    • cmd.exe (PID: 1600 cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.bat C:\Users\user\Desktop\file.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chrome.exe (PID: 2668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 9056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • msedge.exe (PID: 5912 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 7884 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2236,i,18085970336854913923,8612264065574111003,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • firefox.exe (PID: 5640 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5300 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7252 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8640 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a65a33-d26c-4859-a37a-7257b27f6008} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc6eb10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9944 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 4136 -prefMapHandle 4148 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5530a7-4b89-4500-a48d-c51bf34f8c75} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc88e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 8040 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7944 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5952 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6896 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8900 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7064 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9328 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7864 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9336 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8012 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9068 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6704 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4432 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8696 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
BabadedaAccording to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus engines.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
file.exeJoeSecurity_BabadedaYara detected BabadedaJoe Security

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    0.0.file.exe.400000.0.unpackJoeSecurity_BabadedaYara detected BabadedaJoe Security
      0.2.file.exe.400000.0.unpackJoeSecurity_BabadedaYara detected BabadedaJoe Security

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: file.exeReversingLabs: Detection: 36%
        Source: file.exeVirustotal: Detection: 40%Perma Link
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: file.exeJoe Sandbox ML: detected

        Compliance

        barindex
        Detected unpacking (overwrites its own PE header)
        Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack
        Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49794 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49732 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49742 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49770 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49820 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49819 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.222.236.48:443 -> 192.168.2.5:49822 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49826 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49827 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49825 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49831 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49835 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49836 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49837 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49838 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49839 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49845 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49849 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49851 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49860 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49861 version: TLS 1.2
        Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.dr
        Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.dr
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmpJump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.tmpJump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Jump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\Jump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Temp\A65C.tmpJump to behavior
        Source: firefox.exeMemory has grown: Private usage: 0MB later: 97MB
        Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
        Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
        Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
        Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
        Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
        Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
        Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49794 version: TLS 1.0
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.238
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.238
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.238
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
        Source: unknownTCP traffic detected without corresponding DNS query: 142.250.64.78
        Source: unknownTCP traffic detected without corresponding DNS query: 142.250.64.78
        Source: unknownTCP traffic detected without corresponding DNS query: 142.250.64.78
        Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
        Source: global trafficHTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1779012916&timestamp=1724040247233 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1724645043&P2=404&P3=2&P4=KoE50OYefIuH%2fS%2by%2buJIWJ7XkyB8akZ0NPPJ4pVsisGfEitcaIrwpVYQX9ktIf%2fIzEm6vdfSjHV%2biRZRgNasJg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 3FhD9TVChB1o1Hrkj3wP7HSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MuD1rYhrSPNGDFc&MD=5SBWp2YX HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
        Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1093006929&timestamp=1724040252806 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
        Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=516=WeSzCAFaHyWH6MTW1ULeTeEEbrd665yRRjL7ssKDzonF1iwE5NKqz2kmTJf_WlHUmJ8uUofhXUuHUxQmdyJI7tzThJEO0YaMtok-6OSkqYeXBCJuoHiSHix2XTeposu1X6MRzPIohjAZxbZP8JTXXwQoOURB1QzpmCTAqPKfh_8
        Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MuD1rYhrSPNGDFc&MD=5SBWp2YX HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
        Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
        Source: e35461ba-9376-4aa8-951c-589556d066e1.tmp.12.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
        Source: 000003.log8.12.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
        Source: 000003.log8.12.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
        Source: 000003.log8.12.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://*.adsafeprotected.com/*/Serving/**://pubads.g.doubleclick.net/gampad/*xml_vmap1**://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["*://webcompat-addon-testbed.herokuapp.com/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "*://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js*", "*://track.adform.net/serving/scripts/trackpoint/", "*://track.adform.net/serving/scripts/trackpoint/async/", "*://*.adnxs.com/*/ast.js*", "*://*.adnxs.com/*/pb.js*", "*://*.adnxs.com/*/prebid*", "*://www.everestjs.net/static/st.v3.js*", "*://static.adsafeprotected.com/vans-adapter-google-ima.js", "*://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "*://cdn.branch.io/branch-latest.min.js*", "*://pub.doubleverify.com/signals/pub.js*", "*://c.amazon-adsystem.com/aax2/apstag.js", "*://auth.9c9media.ca/auth/main.js", "*://static.chartbeat.com/js/chartbeat.js", "*://static.chartbeat.com/js/chartbeat_video.js", "*://static.criteo.net/js/ld/publishertag.js", "*://*.imgur.com/js/vendor.*.bundle.js", "*://*.imgur.io/js/vendor.*.bundle.js", "*://www.rva311.com/static/js/main.*.chunk.js", "*://web-assets.toggl.com/app/assets/scripts/*.js", "*://libs.coremetrics.com/eluminate.js", "*://connect.facebook.net/*/sdk.js*", "*://connect.facebook.net/*/all.js*", "*://secure.cdn.fastclick.net/js/cnvr-launcher/*/launcher-stub.min.js*", "*://www.google-analytics.com/analytics.js*", "*://www.google-analytics.com/gtm/js*", "*://www.googletagmanager.com/gtm.js*", "*://www.google-analytics.com/plugins/ua/ec.js", "*://ssl.google-analytics.com/ga.js", "*://s0.2mdn.net/instream/html5/ima3.js", "*://imasdk.googleapis.com/js/sdkloader/ima3.js", "*://www.googleadservices.com/pagead/conversion_async.js", "*://www.googletagservices.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/gpt/pubads_impl_*.js*", "*://securepubads.g.doubleclick.net/tag/js/gpt.js*", "*://securepubads.g.doubleclick.net/gpt/pubads_impl_*.js*", "*://script.ioam.de/iam.js", "*://cdn.adsafeprotected.com/iasPET.1.js", "*://static.adsafeprotected.com/iasPET.1.js", "*://adservex.media.net/videoAds.js*", "*://*.moatads.com/*/moatad.js*", "*://*.moatads.com/*/moatapi.js*", "*://*.moatads.com/*/moatheader.js*", "*://*.moatads.com/*/yi.js*", "*://*.imrworldwide.com/v60.js", "*://cdn.optimizely.com/js/*.js", "*://cdn.optimizely.com/public/*.js", "*://id.rambler.ru/rambler-id-helper/auth_events.js", "*://media.richrelevance.com/rrserver/js/1.2/p13n.js", "*://www.gstatic.com/firebasejs/*/firebase-messaging.js*", "*://*.vidible.tv/*/vidible-min.js*", "*://vdb-cdn-files.s3.amazonaws.com/*/vidible-min.js*", "*://js.maxmind.com/js/apis/geoip2/*/geoip2.js", "*://s.webtrends.com/js/advancedLinkTracking.js", "*://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["*://webcompat-addon-testbed.herokuapp.com/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "*://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "*://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js*", "*://track.adform.net/serving/scripts/trackpoint/", "*://track.adform.net/serving/scripts/trackpoint/async/", "*://*.adnxs.com/*/ast.js*", "*://*.adnxs.com/*/pb.js*", "*://*.adnxs.com/*/prebid*", "*://www.everestjs.net/static/st.v3.js*", "*://static.adsafeprotected.com/vans-adapter-google-ima.js", "*://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "*://cdn.branch.io/branch-latest.min.js*", "*://pub.doubleverify.com/signals/pub.js*", "*://c.amazon-adsystem.com/aax2/apstag.js", "*://auth.9c9media.ca/auth/main.js", "*://static.chartbeat.com/js/chartbeat.js", "*://static.chartbeat.com/js/chartbeat_video.js", "*://static.criteo.net/js/ld/publishertag.js", "*://*.imgur.com/js/vendor.*.bundle.js", "*://*.imgur.io/js/vendor.*.bundle.js", "*://www.rva311.com/static/js/main.*.chunk.js", "*://web-assets.toggl.com/app/assets/scripts/*.js", "*://libs.coremetrics.com/eluminate.js", "*://connect.facebook.net/*/sdk.js*", "*://connect.facebook.net/*/all.js*", "*://secure.cdn.fastclick.net/js/cnvr-launcher/*/launcher-stub.min.js*", "*://www.google-analytics.com/analytics.js*", "*://www.google-analytics.com/gtm/js*", "*://www.googletagmanager.com/gtm.js*", "*://www.google-analytics.com/plugins/ua/ec.js", "*://ssl.google-analytics.com/ga.js", "*://s0.2mdn.net/instream/html5/ima3.js", "*://imasdk.googleapis.com/js/sdkloader/ima3.js", "*://www.googleadservices.com/pagead/conversion_async.js", "*://www.googletagservices.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/tag/js/gpt.js*", "*://pagead2.googlesyndication.com/gpt/pubads_impl_*.js*", "*://securepubads.g.doubleclick.net/tag/js/gpt.js*", "*://securepubads.g.doubleclick.net/gpt/pubads_impl_*.js*", "*://script.ioam.de/iam.js", "*://cdn.adsafeprotected.com/iasPET.1.js", "*://static.adsafeprotected.com/iasPET.1.js", "*://adservex.media.net/videoAds.js*", "*://*.moatads.com/*/moatad.js*", "*://*.moatads.com/*/moatapi.js*", "*://*.moatads.com/*/moatheader.js*", "*://*.moatads.com/*/yi.js*", "*://*.imrworldwide.com/v60.js", "*://cdn.optimizely.com/js/*.js", "*://cdn.optimizely.com/public/*.js", "*://id.rambler.ru/rambler-id-helper/auth_events.js", "*://media.richrelevance.com/rrserver/js/1.2/p13n.js", "*://www.gstatic.com/firebasejs/*/firebase-messaging.js*", "*://*.vidible.tv/*/vidible-min.js*", "*://vdb-cdn-files.s3.amazonaws.com/*/vidible-min.js*", "*://js.maxmind.com/js/apis/geoip2/*/geoip2.js", "*://s.webtrends.com/js/advancedLinkTracking.js", "*://s.webtrends.com/js/webtrends.js", "*://s.webtrends.com/js/webtrends.min.js"], windowId
        Source: chromecache_288.9.drString found in binary or memory: _.Zx(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.Zx(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.Zx(_.hy(c))+"&hl="+_.Zx(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.Zx(m)+"/chromebook/termsofservice.html?languageCode="+_.Zx(d)+"&regionCode="+_.Zx(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded":"")+"?hl="+_.Zx(d)+"&gl="+_.Zx(c)+(g?"&color_scheme="+ equals www.youtube.com (Youtube)
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: webcompat-reporter@mozilla.org.xpi*://track.adform.net/serving/scripts/trackpoint/webcompat-reporter%40mozilla.org:1.5.1*://pub.doubleverify.com/signals/pub.js**://*.imgur.com/js/vendor.*.bundle.js*://*.imgur.io/js/vendor.*.bundle.js*://www.rva311.com/static/js/main.*.chunk.js*://web-assets.toggl.com/app/assets/scripts/*.js*://libs.coremetrics.com/eluminate.js*://connect.facebook.net/*/sdk.js**://connect.facebook.net/*/all.js*resource://gre/modules/FileUtils.sys.mjsresource://gre/modules/addons/XPIProvider.jsm*://www.google-analytics.com/analytics.js**://static.chartbeat.com/js/chartbeat.js*://www.google-analytics.com/gtm/js**://www.google-analytics.com/plugins/ua/ec.js*://static.chartbeat.com/js/chartbeat_video.js*://www.googletagmanager.com/gtm.js**://ssl.google-analytics.com/ga.js*://s0.2mdn.net/instream/html5/ima3.js*://www.everestjs.net/static/st.v3.js*https://smartblock.firefox.etp/play.svgFileUtils_closeSafeFileOutputStreamhttps://smartblock.firefox.etp/facebook.svg*://cdn.branch.io/branch-latest.min.js*pictureinpicture%40mozilla.org:1.0.0*://c.amazon-adsystem.com/aax2/apstag.js*://auth.9c9media.ca/auth/main.js*://static.criteo.net/js/ld/publishertag.jsFileUtils_closeAtomicFileOutputStream@mozilla.org/addons/addon-manager-startup;1resource://gre/modules/AddonManager.sys.mjs equals www.facebook.com (Facebook)
        Source: firefox.exe, 0000000A.00000003.2466248202.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2181854880.000001D2FD223000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
        Source: 752cba57-e283-4368-a929-6b98957a8850.tmp.13.drString found in binary or memory: {"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105842452118","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105844849404","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105847732292","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105847983636","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",true],"server":"https://accounts.youtube.com"},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105849560254","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://edge.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105848408465","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"network_stats":{"srtt":240369},"server":"https://www.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105878329956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"network_stats":{"srtt":343940},"server":"https://play.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105850235164","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"network_stats":{"srtt":314897},"server":"https://accounts.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368607444191355","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}} equals www.youtube.com (Youtube)
        Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
        Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
        Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
        Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
        Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
        Source: global trafficDNS traffic detected: DNS query: example.org
        Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
        Source: global trafficDNS traffic detected: DNS query: accounts.youtube.com
        Source: global trafficDNS traffic detected: DNS query: play.google.com
        Source: global trafficDNS traffic detected: DNS query: www.google.com
        Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
        Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
        Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
        Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
        Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
        Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
        Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
        Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
        Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
        Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
        Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
        Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
        Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
        Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
        Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 2342Content-Type: text/htmlDate: Mon, 19 Aug 2024 04:05:04 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.84112317.1724040304.de0035cAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: *Access-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
        Source: firefox.exe, 0000000A.00000003.2471502688.000001D2FC061000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
        Source: firefox.exe, 0000000A.00000003.2936910225.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470645256.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737443501.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2468957494.000001D2FC818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499801964.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
        Source: firefox.exe, 0000000A.00000003.2500123797.000001D2FD033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470061685.000001D2FC0AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
        Source: firefox.exe, 0000000A.00000003.2500123797.000001D2FD033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zipjar:file:
        Source: firefox.exe, 0000000A.00000003.2467060887.000001D2FECFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
        Source: firefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://poczta.interia.pl/mh/?mailto=%s
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://poczta.interia.pl/mh/?mailto=%sget
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
        Source: firefox.exe, 0000000A.00000003.2471629755.000001D2FBF3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
        Source: firefox.exe, 0000000A.00000003.2470201769.000001D2FC096000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499801964.000001D2FA5A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2205926843.000001D2FF96B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
        Source: firefox.exe, 0000000A.00000003.2233275998.000001D2FA59A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
        Source: firefox.exe, 0000000A.00000003.2892975014.000001D2FCD4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
        Source: firefox.exe, 0000000A.00000003.2892975014.000001D2FCD4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470149423.000001D2FC09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
        Source: firefox.exe, 0000000A.00000003.2470201769.000001D2FC096000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470149423.000001D2FC09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
        Source: firefox.exe, 0000000A.00000003.2281776159.000001D2F838E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F838E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
        Source: firefox.exe, 0000000A.00000002.3275884409.000001D2F8371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F8381000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
        Source: firefox.exe, 0000000A.00000003.2281776159.000001D2F838E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F838E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
        Source: firefox.exe, 0000000A.00000002.3275884409.000001D2F8371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F8381000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
        Source: firefox.exe, 0000000A.00000003.2281776159.000001D2F838E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F838E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
        Source: firefox.exe, 0000000A.00000002.3271237572.000001D2EBC03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/strings
        Source: firefox.exe, 0000000A.00000003.2473911363.000001D2FC68D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2156813610.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2230165188.000001D2FCAA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2471629755.000001D2FBF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2192551534.000001D2FC9E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2465680920.000001D2FEB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2711669059.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474199067.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2462028270.000001D2FEDD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2196907696.000001D2FC3FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2882188305.000001D2FC237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2433116239.000001D2FBF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713383628.000001D2FC9E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2177045583.000001D2FEDD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2215893966.000001D2FC9D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2208751056.000001D2FEEEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879168432.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2881431849.000001D2FC9E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2214211154.000001D2FEB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2211789244.000001D2FEC16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://ocsp.digicert.com0N
        Source: firefox.exe, 0000000A.00000003.2471629755.000001D2FBF3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://ocsp.thawte.com0
        Source: firefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
        Source: firefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%sget
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
        Source: firefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%sERROR_TYPE_USE_AFTER_REQUEST_SHUTDOWN
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
        Source: firefox.exe, 0000000A.00000003.2471629755.000001D2FBF3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: http://www.mozilla.com0
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-update
        Source: firefox.exe, 0000000A.00000003.2233111174.000001D2FBF5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2230975808.000001D2FCA65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2214053515.000001D2FEBA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2214312854.000001D2FEB6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2498501724.000001D2FCA25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2466459611.000001D2FCA65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
        Source: firefox.exe, 0000000A.00000003.2214053515.000001D2FEBA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2214312854.000001D2FEB6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulgetCanUseBits
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulopenPreferences/internalPrefCategoryNam
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
        Source: firefox.exe, 0000000A.00000003.2120228322.000001D2FC23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2118972933.000001D2FC000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/INHIBIT_PERSISTENT_CACHINGinstrumentIndividualClass
        Source: firefox.exe, 0000000A.00000003.2231867370.000001D2FC553000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
        Source: chromecache_288.9.dr, Session_13368513840123270.12.drString found in binary or memory: https://accounts.google.com
        Source: firefox.exe, 0000000E.00000002.3264978280.000001F656ECA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Service
        Source: firefox.exe, 0000000E.00000002.3268675692.000001F657240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.goog
        Source: firefox.exe, 00000016.00000002.3269346756.00000227CDAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.goog%
        Source: firefox.exe, 00000016.00000002.3269346756.00000227CDAB4000.00000004.00000020.00020000.00000000.sdmp, A65E.bat.0.dr, Favicons.12.dr, Session_13368513840123270.12.dr, History.12.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
        Source: firefox.exe, 0000000E.00000002.3264978280.000001F656ECA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3264641928.00000227CD6EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/p
        Source: file.exe, 00000000.00000003.2010676718.0000000002287000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017789417.00000148EF03E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000002.2034917542.00000148EF043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
        Source: firefox.exe, 0000000A.00000003.2470282067.000001D2FA5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.orgmigrateXULAttributeToStyleaccount-connection-connectedbookmarksToolbarWasV
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2466248202.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2181854880.000001D2FD223000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
        Source: chromecache_288.9.drString found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
        Source: firefox.exe, 0000000A.00000003.2708705366.000001D2FBF30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
        Source: firefox.exe, 0000000A.00000003.2714091270.000001D2FA59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499912966.000001D2FA59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2472160395.000001D2FA59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2471502688.000001D2FC079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
        Source: firefox.exe, 0000000A.00000003.2471502688.000001D2FC079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
        Source: firefox.exe, 0000000A.00000002.3271237572.000001D2EBC0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
        Source: firefox.exe, 0000000A.00000003.2233111174.000001D2FBF5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2215139517.000001D2FE634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180use
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
        Source: firefox.exe, 0000000A.00000002.3271237572.000001D2EBC0E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3271237572.000001D2EBC32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsCom
        Source: firefox.exe, 0000000A.00000003.2466248202.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2181854880.000001D2FD223000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
        Source: firefox.exe, 0000000A.00000003.2120228322.000001D2FC23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2118972933.000001D2FC000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2466248202.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2181854880.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
        Source: firefox.exe, 0000000A.00000003.2893157679.000001D2FC5D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2884046938.000001D2FC37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2220965584.000001D2FC377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
        Source: chromecache_288.9.drString found in binary or memory: https://families.google.com/intl/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
        Source: firefox.exe, 0000000A.00000003.2735383044.000001D2FE659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2463387406.000001D2FE659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2431121591.000001D2FE659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713152674.000001D2FE659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2468406128.000001D2FE659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2215139517.000001D2FE634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
        Source: firefox.exe, 0000000A.00000003.2499801964.000001D2FA5A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
        Source: firefox.exe, 0000000A.00000003.2499801964.000001D2FA5A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
        Source: firefox.exe, 0000000A.00000003.2435649591.000001D2FA5B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1Populating
        Source: chromecache_288.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlog
        Source: chromecache_288.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
        Source: chromecache_288.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
        Source: firefox.exe, 0000000A.00000003.2277980830.000001D2FC5DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
        Source: firefox.exe, 0000000A.00000002.3271237572.000001D2EBC6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.cominner-window-destroyed
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshotsUrgent
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla/webcompat-reporter
        Source: firefox.exe, 0000000A.00000003.2213907231.000001D2FEBB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2214691426.000001D2FEA9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
        Source: firefox.exe, 0000000A.00000003.2211789244.000001D2FEC29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
        Source: firefox.exe, 0000000A.00000002.3271237572.000001D2EBC0E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Suggest
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
        Source: prefs-1.js.10.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
        Source: firefox.exe, 0000000A.00000003.2936613393.000001D2FA5DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
        Source: firefox.exe, 0000000A.00000003.2435649591.000001D2FA5B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC545000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
        Source: firefox.exe, 0000000A.00000003.2499801964.000001D2FA5A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
        Source: firefox.exe, 0000000A.00000003.2470282067.000001D2FA5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
        Source: firefox.exe, 0000000A.00000003.2691605052.000029336F780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
        Source: firefox.exe, 0000000A.00000003.2691605052.000029336F780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.comZ
        Source: firefox.exe, 0000000A.00000003.2231867370.000001D2FC553000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
        Source: firefox.exe, 0000000A.00000003.2893157679.000001D2FC5D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2884046938.000001D2FC37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2220965584.000001D2FC377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sextension/default-theme
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%ssetSlowScriptDebugHandler/debugService.remoteActiv
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
        Source: firefox.exe, 0000000A.00000003.2893157679.000001D2FC5D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2884046938.000001D2FC37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2220965584.000001D2FC377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%sgecko.handlerService.defaultHandlersVersionhttps://poczta.int
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3271237572.000001D2EBCDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F657172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD98A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
        Source: firefox.exe, 0000000A.00000002.3282806679.000001D2F8EB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.comtestPermissionFromPrincipalupgradeTabsProgressListenerScript
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mzl.la/3NS9KJd
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
        Source: firefox.exe, 0000000A.00000003.2893157679.000001D2FC5D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2884046938.000001D2FC37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2220965584.000001D2FC377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sPdfJs.init
        Source: chromecache_288.9.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
        Source: chromecache_288.9.drString found in binary or memory: https://play.google/intl/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
        Source: firefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/privacy
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/privacy/additional
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/privacy/additional/embedded?gl=kr
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/privacy/google-partners
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/technologies/cookies
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/technologies/location-data
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/terms
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/terms/location/embedded
        Source: chromecache_288.9.drString found in binary or memory: https://policies.google.com/terms/service-specific
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
        Source: firefox.exe, 0000000A.00000003.2432404316.000001D2FC515000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.comtoggleProfilerKeyShortcutssetSlowScriptDebugHandlerbound
        Source: firefox.exe, 0000000A.00000003.2468957494.000001D2FC818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
        Source: firefox.exe, 0000000A.00000003.2737443501.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470645256.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470555543.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737443501.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499801964.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499766348.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
        Source: firefox.exe, 0000000A.00000003.2737443501.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470645256.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470555543.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737443501.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499801964.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499766348.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
        Source: firefox.exe, 0000000A.00000003.2737443501.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470645256.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470555543.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737443501.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499801964.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499766348.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
        Source: firefox.exe, 0000000A.00000003.2737443501.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470645256.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470555543.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737443501.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499801964.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499766348.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
        Source: firefox.exe, 0000000A.00000003.2469604306.000001D2FC553000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
        Source: firefox.exe, 0000000A.00000003.2737443501.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470645256.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470555543.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713797934.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737443501.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499801964.000001D2FA5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499766348.000001D2FA5BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
        Source: firefox.exe, 0000000A.00000003.2470282067.000001D2FA5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
        Source: firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470149423.000001D2FC09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2232514236.000001D2FC09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/shims/google-safeframe.html
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/shims/google-safeframe.htmlexperiment-apis/matchPatterns.jsabout-com
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
        Source: firefox.exe, 0000000A.00000003.2435962520.000001D2FD033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
        Source: firefox.exe, 0000000A.00000002.3283484292.000001D2F8EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2937381805.000001D2F8EC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2466359468.000001D2FCDF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2466359468.000001D2FCDF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svgFileUtils_closeSafeFileOutputStreamhttps://smartblock.firefox
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/animation/
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_dark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_fork_who_will_use_dark_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_fork_who_will_use_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
        Source: chromecache_288.9.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2466248202.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2181854880.000001D2FD223000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixelhttps://static.adsafeprotected.com/firefox-etp-j
        Source: firefox.exe, 0000000A.00000003.2470282067.000001D2FA5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
        Source: firefox.exe, 0000000A.00000003.2467257008.000001D2FECBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2276299528.000001D2FECBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2211789244.000001D2FECBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2468957494.000001D2FC818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2499912966.000001D2FA59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2472160395.000001D2FA59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.orgError:
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
        Source: firefox.exe, 0000000A.00000003.2470282067.000001D2FA5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.combrowser.tabs.drawInTitlebargeckoprofiler
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, e35461ba-9376-4aa8-951c-589556d066e1.tmp.12.drString found in binary or memory: https://twitter.com/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
        Source: firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2277800627.000001D2FC81A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2468957494.000001D2FC818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/extension/pictureinpicture
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
        Source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drString found in binary or memory: https://www.digicert.com/CPS0
        Source: chromecache_288.9.drString found in binary or memory: https://www.google.com
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
        Source: chromecache_288.9.drString found in binary or memory: https://www.google.com/intl/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/policies/privacy/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/policies/privacy/List
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2277800627.000001D2FC81A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2468957494.000001D2FC818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search__instrumentation_summary
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
        Source: chromecache_288.9.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
        Source: chromecache_288.9.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
        Source: chromecache_288.9.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
        Source: chromecache_288.9.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
        Source: chromecache_288.9.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
        Source: chromecache_288.9.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
        Source: firefox.exe, 0000000A.00000002.3281927365.000001D2F8E10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2280901402.000001D2F8EB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3263259613.0000002154F3C000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3271237572.000001D2EBC6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3282806679.000001D2F8EB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
        Source: firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
        Source: firefox.exe, 0000000A.00000002.3275884409.000001D2F835F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
        Source: firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
        Source: firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/I%
        Source: firefox.exe, 0000000A.00000002.3263259613.0000002154F3C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgo
        Source: firefox.exe, 0000000A.00000003.2691605052.000029336F780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/browser.sessionstore.idleDelay
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
        Source: firefox.exe, 0000000A.00000003.2691605052.000029336F780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
        Source: firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/
        Source: firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
        Source: chromecache_288.9.drString found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
        Source: chromecache_288.9.drString found in binary or memory: https://youtube.com/t/terms?gl=
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
        Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
        Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
        Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
        Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
        Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
        Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
        Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
        Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
        Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
        Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
        Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
        Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
        Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49732 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49742 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49770 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49820 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49819 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.222.236.48:443 -> 192.168.2.5:49822 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49826 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49827 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49825 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49831 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49835 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49836 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49837 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49838 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49839 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49845 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49849 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49851 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49860 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49861 version: TLS 1.2
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CD7E4477 NtQuerySystemInformation,22_2_00000227CD7E4477
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CDA03C32 NtQuerySystemInformation,22_2_00000227CDA03C32
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040C8980_2_0040C898
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040E9500_2_0040E950
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004109100_2_00410910
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004109D90_2_004109D9
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004105E00_2_004105E0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004115800_2_00411580
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004109930_2_00410993
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004106000_2_00410600
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B3470_2_0040B347
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F3C80_2_0040F3C8
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CD7E447722_2_00000227CD7E4477
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CDA03C3222_2_00000227CDA03C32
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CDA03C7222_2_00000227CDA03C72
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CDA0435C22_2_00000227CDA0435C
        Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: classification engineClassification label: mal72.troj.evad.winEXE@103/316@57/24
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004026B8 LoadResource,SizeofResource,FreeResource,0_2_004026B8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5860:120:WilError_03
        Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\A65C.tmpJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.bat C:\Users\user\Desktop\file.exe"
        Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: file.exeReversingLabs: Detection: 36%
        Source: file.exeVirustotal: Detection: 40%
        Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.bat C:\Users\user\Desktop\file.exe"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
        Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2236,i,18085970336854913923,8612264065574111003,262144 /prefetch:3
        Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:3
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a65a33-d26c-4859-a37a-7257b27f6008} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc6eb10 socket
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6896 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7064 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7864 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8012 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 4136 -prefMapHandle 4148 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5530a7-4b89-4500-a48d-c51bf34f8c75} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc88e10 rdd
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6704 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8696 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.bat C:\Users\user\Desktop\file.exe"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2236,i,18085970336854913923,8612264065574111003,262144 /prefetch:3Jump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a65a33-d26c-4859-a37a-7257b27f6008} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc6eb10 socketJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 4136 -prefMapHandle 4148 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5530a7-4b89-4500-a48d-c51bf34f8c75} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc88e10 rddJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:3Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6896 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7064 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7864 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8012 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6704 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8696 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
        Source: Google Drive.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: YouTube.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Sheets.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Gmail.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Slides.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Docs.lnk.3.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.dr
        Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.dr

        Data Obfuscation

        barindex
        Detected unpacking (overwrites its own PE header)
        Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack
        Yara detected Babadeda
        Source: Yara matchFile source: file.exe, type: SAMPLE
        Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040A756 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,0_2_0040A756
        Source: file.exeStatic PE information: section name: .code
        Source: gmpopenh264.dll.tmp.10.drStatic PE information: section name: .rodata
        Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
        Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CD7E4477 rdtsc 22_2_00000227CD7E4477
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmpJump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.tmpJump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Jump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\Jump to behavior
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Temp\A65C.tmpJump to behavior
        Source: firefox.exe, 00000016.00000002.3269610749.00000227CE010000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
        Source: Web Data.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
        Source: firefox.exe, 00000016.00000002.3269610749.00000227CE010000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWy
        Source: Web Data.12.drBinary or memory string: discord.comVMware20,11696428655f
        Source: Web Data.12.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
        Source: Web Data.12.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
        Source: Web Data.12.drBinary or memory string: global block list test formVMware20,11696428655
        Source: firefox.exe, 0000000E.00000002.3264978280.000001F656ECA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW2
        Source: Web Data.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
        Source: firefox.exe, 0000000A.00000002.3273024473.000001D2EE851000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3273024473.000001D2EE87A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3264641928.00000227CD6EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: firefox.exe, 0000000A.00000002.3277612452.000001D2F84C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3269077829.000001F657317000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
        Source: Web Data.12.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
        Source: firefox.exe, 0000000E.00000002.3264978280.000001F656ECA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW K
        Source: Web Data.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
        Source: Web Data.12.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
        Source: firefox.exe, 00000016.00000002.3269610749.00000227CE010000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
        Source: Web Data.12.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
        Source: Web Data.12.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
        Source: Web Data.12.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
        Source: Web Data.12.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
        Source: Web Data.12.drBinary or memory string: outlook.office365.comVMware20,11696428655t
        Source: Web Data.12.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
        Source: firefox.exe, 0000000E.00000002.3264978280.000001F656ECA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3270122690.000001F657740000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3269610749.00000227CE010000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: Web Data.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
        Source: Web Data.12.drBinary or memory string: outlook.office.comVMware20,11696428655s
        Source: Web Data.12.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
        Source: Web Data.12.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
        Source: Web Data.12.drBinary or memory string: AMC password management pageVMware20,11696428655
        Source: Web Data.12.drBinary or memory string: tasks.office.comVMware20,11696428655o
        Source: firefox.exe, 0000000E.00000002.3270122690.000001F657740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{
        Source: Web Data.12.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
        Source: Web Data.12.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
        Source: Web Data.12.drBinary or memory string: interactivebrokers.comVMware20,11696428655
        Source: Web Data.12.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
        Source: Web Data.12.drBinary or memory string: dev.azure.comVMware20,11696428655j
        Source: Web Data.12.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
        Source: Web Data.12.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
        Source: Web Data.12.drBinary or memory string: bankofamerica.comVMware20,11696428655x
        Source: Web Data.12.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
        Source: Web Data.12.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 22_2_00000227CD7E4477 rdtsc 22_2_00000227CD7E4477
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040A756 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,0_2_0040A756
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00409950 SetUnhandledExceptionFilter,0_2_00409950
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00409930 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,0_2_00409930
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.bat C:\Users\user\Desktop\file.exe"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"Jump to behavior
        Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040559A GetVersionExW,GetVersionExW,0_2_0040559A

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid Accounts1
        Native API        		1
        Scripting        		11
        Process Injection        		1
        Masquerading        		OS Credential Dumping11
        Security Software Discovery        		Remote Services1
        Archive Collected Data        		11
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        Registry Run Keys / Startup Folder        		1
        Registry Run Keys / Startup Folder        		11
        Process Injection        		LSASS Memory2
        File and Directory Discovery        		Remote Desktop ProtocolData from Removable Media3
        Ingress Tool Transfer        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAt1
        DLL Side-Loading        		1
        DLL Side-Loading        		1
        Software Packing        		Security Account Manager12
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive4
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        Extra Window Memory Injection        		1
        DLL Side-Loading        		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture5
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Extra Window Memory Injection        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1494715 Sample: file.exe Startdate: 19/08/2024 Architecture: WINDOWS Score: 72 56 us-west1.prod.sumo.prod.webservices.mozgcp.net 2->56 58 telemetry-incoming.r53-2.services.mozilla.com 2->58 60 22 other IPs or domains 2->60 84 Multi AV Scanner detection for submitted file 2->84 86 Yara detected Babadeda 2->86 88 Machine Learning detection for sample 2->88 90 AI detected suspicious sample 2->90 9 file.exe 8 2->9         started        12 msedge.exe 113 410 2->12         started        14 firefox.exe 1 2->14         started        signatures3 process4 signatures5 92 Detected unpacking (overwrites its own PE header) 9->92 16 cmd.exe 1 9->16         started        18 msedge.exe 12->18         started        21 msedge.exe 12->21         started        23 msedge.exe 12->23         started        28 4 other processes 12->28 25 firefox.exe 3 97 14->25         started        process6 dnsIp7 30 chrome.exe 9 16->30         started        33 msedge.exe 10 16->33         started        35 conhost.exe 16->35         started        37 firefox.exe 1 16->37         started        62 13.107.246.40, 443, 49764, 49767 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 18->62 64 ssl.bingadsedgeextension-prod-europe.azurewebsites.net 94.245.104.56, 443, 49722 MICROSOFT-CORP-MSN-AS-BLOCKUS United Kingdom 18->64 70 11 other IPs or domains 18->70 66 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49756, 49765, 49823 GOOGLEUS United States 25->66 68 telemetry-incoming.r53-2.services.mozilla.com 34.120.208.123, 443, 49835, 49836 GOOGLEUS United States 25->68 72 5 other IPs or domains 25->72 52 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 25->52 dropped 54 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 25->54 dropped 39 firefox.exe 25->39         started        41 firefox.exe 25->41         started        file8 process9 dnsIp10 80 192.168.2.5, 443, 49587, 49642 unknown unknown 30->80 82 239.255.255.250 unknown Reserved 30->82 43 chrome.exe 30->43         started        46 chrome.exe 30->46         started        48 chrome.exe 30->48         started        50 msedge.exe 33->50         started        process11 dnsIp12 74 www3.l.google.com 142.250.184.206, 443, 49780 GOOGLEUS United States 43->74 76 play.google.com 172.217.16.206, 443, 49801, 49805 GOOGLEUS United States 43->76 78 3 other IPs or domains 43->78

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        file.exe37%ReversingLabs
        file.exe40%VirustotalBrowse
        file.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)0%ReversingLabs
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        example.org0%VirustotalBrowse
        chrome.cloudflare-dns.com0%VirustotalBrowse
        services.addons.mozilla.org0%VirustotalBrowse
        prod.classify-client.prod.webservices.mozgcp.net0%VirustotalBrowse
        prod.detectportal.prod.cloudops.mozgcp.net0%VirustotalBrowse
        prod.balrog.prod.cloudops.mozgcp.net0%VirustotalBrowse
        ssl.bingadsedgeextension-prod-europe.azurewebsites.net0%VirustotalBrowse
        play.google.com0%VirustotalBrowse
        ipv4only.arpa0%VirustotalBrowse
        prod.ads.prod.webservices.mozgcp.net0%VirustotalBrowse
        prod.remote-settings.prod.webservices.mozgcp.net0%VirustotalBrowse
        prod.content-signature-chains.prod.webservices.mozgcp.net0%VirustotalBrowse
        www3.l.google.com0%VirustotalBrowse
        contile.services.mozilla.com0%VirustotalBrowse
        www.google.com0%VirustotalBrowse
        telemetry-incoming.r53-2.services.mozilla.com0%VirustotalBrowse
        push.services.mozilla.com0%VirustotalBrowse
        content-signature-2.cdn.mozilla.net0%VirustotalBrowse
        bzib.nelreports.net0%VirustotalBrowse
        detectportal.firefox.com0%VirustotalBrowse
        us-west1.prod.sumo.prod.webservices.mozgcp.net0%VirustotalBrowse
        accounts.youtube.com0%VirustotalBrowse
        firefox.settings.services.mozilla.com0%VirustotalBrowse
        support.mozilla.org0%VirustotalBrowse
        spocs.getpocket.com0%VirustotalBrowse
        shavar.services.mozilla.com0%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://detectportal.firefox.com/0%URL Reputationsafe
        https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%0%URL Reputationsafe
        http://www.mozilla.com00%URL Reputationsafe
        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.0%URL Reputationsafe
        https://merino.services.mozilla.com/api/v1/suggest0%URL Reputationsafe
        https://policies.google.com/terms/service-specific0%URL Reputationsafe
        https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect0%URL Reputationsafe
        https://policies.google.com/technologies/cookies0%URL Reputationsafe
        https://screenshots.firefox.com0%URL Reputationsafe
        https://completion.amazon.com/search/complete?q=0%URL Reputationsafe
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report0%URL Reputationsafe
        https://ads.stickyadstv.com/firefox-etp0%URL Reputationsafe
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab0%URL Reputationsafe
        https://monitor.firefox.com/breach-details/0%URL Reputationsafe
        https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM0%URL Reputationsafe
        https://www.amazon.com/exec/obidos/external-search/0%URL Reputationsafe
        https://profiler.firefox.com/0%URL Reputationsafe
        https://profiler.firefox.com/0%URL Reputationsafe
        https://services.addons.mozilla.org/api/v4/addons/addon/0%URL Reputationsafe
        https://tracking-protection-issues.herokuapp.com/new0%URL Reputationsafe
        http://exslt.org/sets0%URL Reputationsafe
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report0%URL Reputationsafe
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report0%URL Reputationsafe
        https://api.accounts.firefox.com/v10%URL Reputationsafe
        http://exslt.org/common0%URL Reputationsafe
        https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/0%URL Reputationsafe
        https://fpn.firefox.com0%URL Reputationsafe
        https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections0%URL Reputationsafe
        http://exslt.org/dates-and-times0%URL Reputationsafe
        http://win.mail.ru/cgi-bin/sentmsg?mailto=%s0%URL Reputationsafe
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield0%URL Reputationsafe
        https://bugzilla.mo0%URL Reputationsafe
        https://mitmdetection.services.mozilla.com/0%URL Reputationsafe
        https://static.adsafeprotected.com/firefox-etp-js0%URL Reputationsafe
        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref0%URL Reputationsafe
        https://policies.google.com/privacy0%URL Reputationsafe
        https://services.addons.mozilla.org/api/v4/abuse/report/addon/0%URL Reputationsafe
        https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%0%URL Reputationsafe
        https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f0%URL Reputationsafe
        https://monitor.firefox.com/user/breach-stats?includeResolved=true0%URL Reputationsafe
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report0%URL Reputationsafe
        https://safebrowsing.google.com/safebrowsing/diagnostic?site=0%URL Reputationsafe
        https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-0%Avira URL Cloudsafe
        https://monitor.firefox.com/user/dashboard0%URL Reputationsafe
        https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID0%URL Reputationsafe
        https://monitor.firefox.com/about0%URL Reputationsafe
        https://account.bellmedia.c0%URL Reputationsafe
        https://www.openh264.org/0%URL Reputationsafe
        https://login.microsoftonline.com0%URL Reputationsafe
        https://coverage.mozilla.org0%URL Reputationsafe
        http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
        https://blocked.cdn.mozilla.net/0%URL Reputationsafe
        https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored0%URL Reputationsafe
        https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records0%Avira URL Cloudsafe
        https://profiler.firefox.com0%URL Reputationsafe
        https://outlook.live.com/default.aspx?rru=compose&to=%s0%URL Reputationsafe
        https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage0%URL Reputationsafe
        https://mozilla.cloudflare-dns.com/dns-query0%URL Reputationsafe
        https://contile.services.mozilla.com/v1/tiles0%URL Reputationsafe
        https://monitor.firefox.com/user/preferences0%URL Reputationsafe
        https://screenshots.firefox.com/0%URL Reputationsafe
        https://relay.firefox.com/api/v1/0%URL Reputationsafe
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report0%URL Reputationsafe
        https://policies.google.com/privacy/additional0%URL Reputationsafe
        https://topsites.services.mozilla.com/cid/0%URL Reputationsafe
        https://poczta.interia.pl/mh/?mailto=%s0%URL Reputationsafe
        https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg0%URL Reputationsafe
        https://policies.google.com/terms/location/embedded0%URL Reputationsafe
        https://www.msn.com0%Avira URL Cloudsafe
        https://www.youtube.com/t/terms?chromeless=1&hl=0%Avira URL Cloudsafe
        https://screenshots.firefox.com/shims/google-safeframe.html0%Avira URL Cloudsafe
        https://addons.mozilla.orgmigrateXULAttributeToStyleaccount-connection-connectedbookmarksToolbarWasV0%Avira URL Cloudsafe
        https://github.com/mozilla-services/screenshots0%Avira URL Cloudsafe
        https://www.msn.com1%VirustotalBrowse
        https://bugzilla.mozilla.org/show_bug.cgi?id=1238180use0%Avira URL Cloudsafe
        https://screenshots.firefox.com/shims/google-safeframe.html0%VirustotalBrowse
        https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-0%VirustotalBrowse
        https://www.youtube.com/t/terms?chromeless=1&hl=0%VirustotalBrowse
        https://www.amazon.com/exec/obidos/external-search/extension/pictureinpicture0%Avira URL Cloudsafe
        https://github.com/mozilla-services/screenshots0%VirustotalBrowse
        https://mail.google.com/mail/?extsrc=mailto&url=%sextension/default-theme0%Avira URL Cloudsafe
        https://www.widevine.com/0%Avira URL Cloudsafe
        https://smartblock.firefox.etp/play.svgFileUtils_closeSafeFileOutputStreamhttps://smartblock.firefox0%Avira URL Cloudsafe
        https://www.youtube.com/0%Avira URL Cloudsafe
        http://127.0.0.1:0%Avira URL Cloudsafe
        https://www.google.com/favicon.ico0%Avira URL Cloudsafe
        https://www.google.com/policies/privacy/List0%Avira URL Cloudsafe
        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde74770%Avira URL Cloudsafe
        http://exslt.org/strings0%Avira URL Cloudsafe
        https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r0%Avira URL Cloudsafe
        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi0%Avira URL Cloudsafe
        https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-0%Avira URL Cloudsafe
        http://www.inbox.lv/rfc2368/?value=%su0%Avira URL Cloudsafe
        https://www.tsn.ca0%Avira URL Cloudsafe
        https://support.mozilla.orgError:0%Avira URL Cloudsafe
        http://mozilla.org/MPL/2.0/.0%Avira URL Cloudsafe
        https://mail.google.com/mail/?extsrc=mailto&url=%ssetSlowScriptDebugHandler/debugService.remoteActiv0%Avira URL Cloudsafe
        https://mail.yahoo.co.jp/compose/?To=%sgecko.handlerService.defaultHandlersVersionhttps://poczta.int0%Avira URL Cloudsafe
        https://mail.yahoo.co.jp/compose/?To=%s0%Avira URL Cloudsafe
        https://www.google.com/search0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        example.org
        		93.184.215.14
        		truefalseunknown
        chrome.cloudflare-dns.com
        		172.64.41.3
        		truefalseunknown
        prod.classify-client.prod.webservices.mozgcp.net
        		35.190.72.216
        		truefalseunknown
        prod.balrog.prod.cloudops.mozgcp.net
        		35.244.181.201
        		truefalseunknown
        prod.detectportal.prod.cloudops.mozgcp.net
        		34.107.221.82
        		truefalseunknown
        services.addons.mozilla.org
        		52.222.236.48
        		truefalseunknown
        ssl.bingadsedgeextension-prod-europe.azurewebsites.net
        		94.245.104.56
        		truefalseunknown
        prod.remote-settings.prod.webservices.mozgcp.net
        		34.149.100.209
        		truefalseunknown
        contile.services.mozilla.com
        		34.117.188.166
        		truefalseunknown
        prod.content-signature-chains.prod.webservices.mozgcp.net
        		34.160.144.191
        		truefalseunknown
        www3.l.google.com
        		142.250.184.206
        		truefalseunknown
        play.google.com
        		172.217.16.206
        		truefalseunknown
        us-west1.prod.sumo.prod.webservices.mozgcp.net
        		34.149.128.2
        		truefalseunknown
        ipv4only.arpa
        		192.0.0.170
        		truefalseunknown
        prod.ads.prod.webservices.mozgcp.net
        		34.117.188.166
        		truefalseunknown
        push.services.mozilla.com
        		34.107.243.93
        		truefalseunknown
        www.google.com
        		172.217.18.4
        		truefalseunknown
        telemetry-incoming.r53-2.services.mozilla.com
        		34.120.208.123
        		truefalseunknown
        spocs.getpocket.com
        		unknown
        		unknownfalseunknown
        detectportal.firefox.com
        		unknown
        		unknownfalseunknown
        bzib.nelreports.net
        		unknown
        		unknownfalseunknown
        content-signature-2.cdn.mozilla.net
        		unknown
        		unknownfalseunknown
        support.mozilla.org
        		unknown
        		unknownfalseunknown
        accounts.youtube.com
        		unknown
        		unknownfalseunknown
        firefox.settings.services.mozilla.com
        		unknown
        		unknownfalseunknown
        shavar.services.mozilla.com
        		unknown
        		unknownfalseunknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://www.google.com/favicon.icofalse
        • Avira URL Cloud: safe
        		unknown
        https://play.google.com/log?format=json&hasfast=true&authuser=0false
        • Avira URL Cloud: safe
        		unknown
        https://play.google.com/log?hasfast=true&authuser=0&format=jsonfalse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • 0%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        http://detectportal.firefox.com/firefox.exe, 0000000A.00000003.2233275998.000001D2FA59A000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.mozilla.com0firefox.exe, 0000000A.00000003.2471629755.000001D2FBF3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drfalse
        • URL Reputation: safe
        		unknown
        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drfalse
        • URL Reputation: safe
        		unknown
        https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3271237572.000001D2EBCDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F657172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD98A000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://policies.google.com/terms/service-specificchromecache_288.9.drfalse
        • URL Reputation: safe
        		unknown
        https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://policies.google.com/technologies/cookieschromecache_288.9.drfalse
        • URL Reputation: safe
        		unknown
        https://screenshots.firefox.comfirefox.exe, 0000000A.00000003.2470282067.000001D2FA5F2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://completion.amazon.com/search/complete?q=firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://ads.stickyadstv.com/firefox-etpfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2466248202.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2181854880.000001D2FD223000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://monitor.firefox.com/breach-details/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://www.youtube.com/t/terms?chromeless=1&hl=chromecache_288.9.drfalse
        • 0%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        https://screenshots.firefox.com/shims/google-safeframe.htmlfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • 0%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2277800627.000001D2FC81A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2468957494.000001D2FC818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://profiler.firefox.com/firefox.exe, 0000000A.00000003.2432404316.000001D2FC515000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        https://www.msn.comfirefox.exe, 0000000A.00000003.2691605052.000029336F780000.00000004.00000800.00020000.00000000.sdmpfalse
        • 1%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        https://addons.mozilla.orgmigrateXULAttributeToStyleaccount-connection-connectedbookmarksToolbarWasVfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmpfalse
        • 0%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://bugzilla.mozilla.org/show_bug.cgi?id=1238180usefirefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://exslt.org/setsfirefox.exe, 0000000A.00000003.2281776159.000001D2F838E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F838E000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://www.amazon.com/exec/obidos/external-search/extension/pictureinpicturefirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://mail.google.com/mail/?extsrc=mailto&url=%sextension/default-themefirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://api.accounts.firefox.com/v1firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://exslt.org/commonfirefox.exe, 0000000A.00000003.2281776159.000001D2F838E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F838E000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://fpn.firefox.comfirefox.exe, 0000000A.00000003.2277980830.000001D2FC5DB000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://www.widevine.com/firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://exslt.org/dates-and-timesfirefox.exe, 0000000A.00000002.3275884409.000001D2F8371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F8381000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://smartblock.firefox.etp/play.svgFileUtils_closeSafeFileOutputStreamhttps://smartblock.firefoxfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://www.youtube.com/firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://127.0.0.1:firefox.exe, 0000000A.00000003.2471502688.000001D2FC061000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://bugzilla.mofirefox.exe, 0000000A.00000003.2233111174.000001D2FBF5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2215139517.000001D2FE634000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://mitmdetection.services.mozilla.com/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://www.google.com/policies/privacy/Listfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drfalse
        • URL Reputation: safe
        		unknown
        https://policies.google.com/privacychromecache_288.9.drfalse
        • URL Reputation: safe
        		unknown
        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000A.00000003.2435962520.000001D2FD033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://exslt.org/stringsfirefox.exe, 0000000A.00000002.3271237572.000001D2EBC03000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 0000000A.00000002.3283484292.000001D2F8EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2937381805.000001D2F8EC3000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.10.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000A.00000003.2469263162.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://www.tsn.cafirefox.exe, 0000000A.00000003.2691605052.000029336F780000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://monitor.firefox.com/aboutfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://support.mozilla.orgError:firefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://mozilla.org/MPL/2.0/.firefox.exe, 0000000A.00000003.2473911363.000001D2FC68D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2156813610.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2230165188.000001D2FCAA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2471629755.000001D2FBF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2192551534.000001D2FC9E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2465680920.000001D2FEB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2711669059.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474199067.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2462028270.000001D2FEDD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2196907696.000001D2FC3FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2882188305.000001D2FC237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2433116239.000001D2FBF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2713383628.000001D2FC9E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2177045583.000001D2FEDD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2215893966.000001D2FC9D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2208751056.000001D2FEEEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879168432.000001D2FC9D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2881431849.000001D2FC9E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2214211154.000001D2FEB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2211789244.000001D2FEC16000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://account.bellmedia.cfirefox.exe, 0000000A.00000003.2231867370.000001D2FC553000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://mail.google.com/mail/?extsrc=mailto&url=%ssetSlowScriptDebugHandler/debugService.remoteActivfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.openh264.org/firefox.exe, 0000000A.00000002.3284377263.000001D2F8FB0000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://login.microsoftonline.comfirefox.exe, 0000000A.00000003.2231867370.000001D2FC553000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://coverage.mozilla.orgfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 0000000A.00000003.2471629755.000001D2FBF3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474850108.000001D2FD900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.10.drfalse
        • URL Reputation: safe
        		unknown
        https://blocked.cdn.mozilla.net/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 0000000A.00000003.2466248202.000001D2FD223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2181854880.000001D2FD223000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://profiler.firefox.comfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000A.00000003.2893157679.000001D2FC5D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2884046938.000001D2FC37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2220965584.000001D2FC377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://mail.yahoo.co.jp/compose/?To=%sgecko.handlerService.defaultHandlersVersionhttps://poczta.intfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessagechromecache_288.9.drfalse
        • URL Reputation: safe
        		unknown
        https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000A.00000003.2893157679.000001D2FC5D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2879424285.000001D2FC376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231416131.000001D2FC5C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2884046938.000001D2FC37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2204248875.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2220965584.000001D2FC377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://monitor.firefox.com/user/preferencesfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://screenshots.firefox.com/firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2470149423.000001D2FC09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2232514236.000001D2FC09B000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://www.google.com/searchfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2277800627.000001D2FC81A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2468957494.000001D2FC818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120400117.000001D2FC25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120032497.000001D2FC21C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2120590255.000001D2FC280000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://relay.firefox.com/api/v1/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://firefox-source-docs.mozilla.org/remote/Security.htmlfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F27000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://poczta.interia.pl/mh/?mailto=%sgetfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-reportfirefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F03000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://policies.google.com/privacy/additionalchromecache_288.9.drfalse
        • URL Reputation: safe
        		unknown
        https://topsites.services.mozilla.com/cid/firefox.exe, 0000000E.00000002.3265997640.000001F656FA0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3265308641.00000227CD760000.00000002.08000000.00040000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://twitter.com/firefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, e35461ba-9376-4aa8-951c-589556d066e1.tmp.12.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://poczta.interia.pl/mh/?mailto=%sfirefox.exe, 0000000A.00000002.3284377263.000001D2F8F76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2474580154.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2464718040.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2877848569.000001D2FBC3B000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpgfirefox.exe, 0000000A.00000003.2893428097.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2281776159.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2231978539.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3275884409.000001D2F83B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000003.2737009622.000001D2FC535000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.3266433186.000001F6571C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3266521769.00000227CD9D3000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.10.drfalse
        • URL Reputation: safe
        		unknown
        https://policies.google.com/terms/location/embeddedchromecache_288.9.drfalse
        • URL Reputation: safe
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        13.107.246.40
        		unknownUnited States
        		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
        23.44.201.15
        		unknownUnited States
        		20940AKAMAI-ASN1EUfalse
        152.195.19.97
        		unknownUnited States
        		15133EDGECASTUSfalse
        142.251.40.225
        		unknownUnited States
        		15169GOOGLEUSfalse
        142.250.64.78
        		unknownUnited States
        		15169GOOGLEUSfalse
        23.219.161.132
        		unknownUnited States
        		20940AKAMAI-ASN1EUfalse
        162.159.61.3
        		unknownUnited States
        		13335CLOUDFLARENETUSfalse
        142.250.184.206
        		www3.l.google.comUnited States
        		15169GOOGLEUSfalse
        172.64.41.3
        		chrome.cloudflare-dns.comUnited States
        		13335CLOUDFLARENETUSfalse
        52.222.236.48
        		services.addons.mozilla.orgUnited States
        		16509AMAZON-02USfalse
        34.120.208.123
        		telemetry-incoming.r53-2.services.mozilla.comUnited States
        		15169GOOGLEUSfalse
        172.217.16.206
        		play.google.comUnited States
        		15169GOOGLEUSfalse
        94.245.104.56
        		ssl.bingadsedgeextension-prod-europe.azurewebsites.netUnited Kingdom
        		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
        142.251.40.238
        		unknownUnited States
        		15169GOOGLEUSfalse
        172.217.18.4
        		www.google.comUnited States
        		15169GOOGLEUSfalse
        34.149.100.209
        		prod.remote-settings.prod.webservices.mozgcp.netUnited States
        		2686ATGS-MMD-ASUSfalse
        172.253.62.84
        		unknownUnited States
        		15169GOOGLEUSfalse
        142.250.81.228
        		unknownUnited States
        		15169GOOGLEUSfalse
        34.107.221.82
        		prod.detectportal.prod.cloudops.mozgcp.netUnited States
        		15169GOOGLEUSfalse
        35.244.181.201
        		prod.balrog.prod.cloudops.mozgcp.netUnited States
        		15169GOOGLEUSfalse
        239.255.255.250
        		unknownReserved
        		unknownunknownfalse
        35.190.72.216
        		prod.classify-client.prod.webservices.mozgcp.netUnited States
        		15169GOOGLEUSfalse

        Private

        IP
        192.168.2.5
        127.0.0.1

        General Information

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1494715
        Start date and time:2024-08-19 06:03:06 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 6m 42s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:30
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:file.exe
        Detection:MAL
        Classification:mal72.troj.evad.winEXE@103/316@57/24
        EGA Information:
        • Successful, ratio: 50%
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 41
        • Number of non-executed functions: 51
        Cookbook Comments:
        • Found application associated with file extension: .exe

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 142.250.181.227, 142.251.168.84, 142.250.185.110, 34.104.35.123, 142.251.173.84, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.185.174, 13.107.6.158, 2.19.126.152, 2.19.126.145, 2.23.209.189, 2.23.209.140, 2.23.209.149, 2.23.209.185, 2.23.209.182, 2.23.209.130, 2.23.209.179, 2.23.209.187, 142.250.186.99, 142.250.185.227, 142.250.186.131, 20.223.36.55, 216.58.206.74, 172.217.16.202, 216.58.212.170, 172.217.18.106, 142.250.186.170, 216.58.212.138, 142.250.185.138, 142.250.186.106, 216.58.206.42, 142.250.185.74, 142.250.186.138, 142.250.74.202, 142.250.184.202, 172.217.18.10, 142.250.185.106, 172.217.23.106, 199.232.214.172, 192.229.221.95, 142.250.185.202, 142.250.184.234, 142.250.185.170, 142.250.185.234, 142.250.186.46, 88.221.134.155, 88.221.134.209, 142.250.186.142, 142.250.185.163, 2.19.126.163, 74.125.133.84, 35.82.42.34, 44.226.249.47, 44.240.54.139, 142.251.32.99, 142.250.80.99
        • Excluded domains from analysis (whitelisted): ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, clientservices.googleapis.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, arc.msn.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, update.googleapis.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, optimizationguide-pa.googleapis.com, www.bing.com, clients1.google.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, content-autofill.googleapis.com, api.edgeoffer.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.pr
        • Execution Graph export aborted for target firefox.exe, PID 7252 because it is empty
        • Not all processes where analyzed, report is missing behavior information
        • Report size exceeded maximum capacity and may have missing behavior information.
        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
        • Report size getting too big, too many NtOpenFile calls found.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Report size getting too big, too many NtWriteVirtualMemory calls found.
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
        • www.aib.gov.uk/
        NEW ORDER.xlsGet hashmaliciousUnknownBrowse
        • 2s.gg/3zs
        PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
        • 2s.gg/42Q
        06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
        • 2s.gg/3zk
        Quotation.xlsGet hashmaliciousUnknownBrowse
        • 2s.gg/3zM
        23.44.201.15https://www.bing.com/search?q=%e8%8f%af%e7%a2%a9+TUF+GAMING+B760M-PLUS+WIFI%e4%b8%bb%e6%a9%9f%e6%9d%bf&cvid=8ed3431d674542bbaed6934068e7242d&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQABhAMgYIAhAAGEAyBggDEAAYQDIGCAQQABhAMgYIBRAAGEAyBggGEAAYQDIGCAcQABhAMgYICBAAGEAyBwgJEEUY_FXSAQgxMDUwajBqNKgCALACAA&PC=U531&FPIG=7973DC1DA237417B95A39D883F2961E8&first=121&FORM=PERE2Get hashmaliciousUnknownBrowse
          152.195.19.97http://ustteam.com/Get hashmaliciousUnknownBrowse
          • www.ust.com/

          Domains

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          example.orgfile.exeGet hashmaliciousBabadedaBrowse
          • 93.184.215.14
          file.exeGet hashmaliciousBabadedaBrowse
          • 93.184.215.14
          file.exeGet hashmaliciousBabadedaBrowse
          • 93.184.215.14
          https://kjhsdfh-capv1.b-cdn.net/sotix-campGet hashmaliciousUnknownBrowse
          • 93.184.215.14
          rama.exeGet hashmaliciousAmadey, Babadeda, StealcBrowse
          • 93.184.215.14
          file.exeGet hashmaliciousBabadedaBrowse
          • 93.184.215.14
          file.exeGet hashmaliciousBabadedaBrowse
          • 93.184.215.14
          377cc85807.exeGet hashmaliciousBabadedaBrowse
          • 93.184.215.14
          file.exeGet hashmaliciousBabadedaBrowse
          • 93.184.215.14
          file.exeGet hashmaliciousUnknownBrowse
          • 93.184.215.14
          chrome.cloudflare-dns.comfile.exeGet hashmaliciousBabadedaBrowse
          • 162.159.61.3
          file.exeGet hashmaliciousBabadedaBrowse
          • 172.64.41.3
          file.exeGet hashmaliciousBabadedaBrowse
          • 162.159.61.3
          rama.exeGet hashmaliciousAmadey, Babadeda, StealcBrowse
          • 162.159.61.3
          file.exeGet hashmaliciousBabadedaBrowse
          • 172.64.41.3
          file.exeGet hashmaliciousBabadedaBrowse
          • 162.159.61.3
          377cc85807.exeGet hashmaliciousBabadedaBrowse
          • 162.159.61.3
          file.exeGet hashmaliciousBabadedaBrowse
          • 172.64.41.3
          Setup_s.exeGet hashmaliciousUnknownBrowse
          • 172.64.41.3
          https://apps.axahealth.co.uk/os/Get hashmaliciousUnknownBrowse
          • 162.159.61.3
          services.addons.mozilla.orgfile.exeGet hashmaliciousBabadedaBrowse
          • 3.165.136.111
          file.exeGet hashmaliciousBabadedaBrowse
          • 52.222.236.48
          file.exeGet hashmaliciousBabadedaBrowse
          • 18.65.39.31
          https://kjhsdfh-capv1.b-cdn.net/sotix-campGet hashmaliciousUnknownBrowse
          • 3.165.136.99
          rama.exeGet hashmaliciousAmadey, Babadeda, StealcBrowse
          • 52.222.236.23
          file.exeGet hashmaliciousBabadedaBrowse
          • 52.222.236.23
          file.exeGet hashmaliciousBabadedaBrowse
          • 18.65.39.112
          377cc85807.exeGet hashmaliciousBabadedaBrowse
          • 13.32.110.82
          file.exeGet hashmaliciousBabadedaBrowse
          • 52.222.236.120
          file.exeGet hashmaliciousUnknownBrowse
          • 52.222.236.120

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          AKAMAI-ASN1EUfile.exeGet hashmaliciousBabadedaBrowse
          • 23.33.40.143
          a96b3ddd991bc4a88831685ef44cbd4ad7945a4afc3a028f42812f269d513674_payload.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
          • 23.67.133.187
          file.exeGet hashmaliciousBabadedaBrowse
          • 23.44.201.4
          file.exeGet hashmaliciousBabadedaBrowse
          • 104.126.116.24
          https://gtm.you1.cn/id/N_E_L_LGet hashmaliciousUnknownBrowse
          • 23.67.133.187
          file.exeGet hashmaliciousBabadedaBrowse
          • 23.44.201.12
          file.exeGet hashmaliciousBabadedaBrowse
          • 23.44.133.57
          377cc85807.exeGet hashmaliciousBabadedaBrowse
          • 23.33.40.150
          Setup.exeGet hashmaliciousLummaC, Go InjectorBrowse
          • 23.197.127.21
          Payment Advice - Advice RefGLV626201911]Priority payment Customer_PDF_.exeGet hashmaliciousFormBookBrowse
          • 172.234.222.138
          EDGECASTUSfile.exeGet hashmaliciousBabadedaBrowse
          • 152.195.19.97
          https://vpjjioou7.indylatinawrds.com:8443/impact?impact=d..**@c.*.comGet hashmaliciousHTMLPhisherBrowse
          • 152.199.21.175
          https://xybxguyw7.indylatinawrds.com:8443/impact?impact=b..*@t....**.comGet hashmaliciousHTMLPhisherBrowse
          • 152.199.21.175
          https://home-start-trezor-io.github.io/Get hashmaliciousUnknownBrowse
          • 93.184.221.165
          https://accountindolgnin.asdasqweqwinc.com/?applgnininfoGet hashmaliciousPayPal PhisherBrowse
          • 192.229.221.25
          https://u8o538bg2.indylatinawrds.com:8443/impact?impact=r.*@e...**.com/Get hashmaliciousHTMLPhisherBrowse
          • 152.199.21.175
          file.exeGet hashmaliciousBabadedaBrowse
          • 152.195.19.97
          http://freeusps.com/products/detail/17920209Get hashmaliciousUnknownBrowse
          • 93.184.221.165
          https://karanbararwal.github.io/NetflixGet hashmaliciousHTMLPhisherBrowse
          • 93.184.221.165
          file.exeGet hashmaliciousBabadedaBrowse
          • 152.195.19.97
          MICROSOFT-CORP-MSN-AS-BLOCKUSfile.exeGet hashmaliciousBabadedaBrowse
          • 94.245.104.56
          file.exeGet hashmaliciousBabadedaBrowse
          • 13.107.246.40
          file.exeGet hashmaliciousBabadedaBrowse
          • 94.245.104.56
          Open 99 Restaurants Benefits Enrollment.pdfGet hashmaliciousHTMLPhisherBrowse
          • 13.107.246.60
          rama.exeGet hashmaliciousAmadey, Babadeda, StealcBrowse
          • 94.245.104.56
          file.exeGet hashmaliciousBabadedaBrowse
          • 94.245.104.56
          file.exeGet hashmaliciousBabadedaBrowse
          • 94.245.104.56
          377cc85807.exeGet hashmaliciousBabadedaBrowse
          • 13.107.246.40
          file.exeGet hashmaliciousBabadedaBrowse
          • 94.245.104.56
          https://eu5qwt3o.beauty/offer/4?imp=amakyvlljhftr1723918476202&rurl=https%3A%2F%2Fgentlyrevitalizedarchitect.com%2F%3Fa%3D103098%26c%3D143007%26s1%3D79%26s2%3Damakyvlljhftr1723918476202%26s3%3Dwww.foxnews.comGet hashmaliciousUnknownBrowse
          • 52.231.230.148
          AKAMAI-ASN1EUfile.exeGet hashmaliciousBabadedaBrowse
          • 23.33.40.143
          a96b3ddd991bc4a88831685ef44cbd4ad7945a4afc3a028f42812f269d513674_payload.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
          • 23.67.133.187
          file.exeGet hashmaliciousBabadedaBrowse
          • 23.44.201.4
          file.exeGet hashmaliciousBabadedaBrowse
          • 104.126.116.24
          https://gtm.you1.cn/id/N_E_L_LGet hashmaliciousUnknownBrowse
          • 23.67.133.187
          file.exeGet hashmaliciousBabadedaBrowse
          • 23.44.201.12
          file.exeGet hashmaliciousBabadedaBrowse
          • 23.44.133.57
          377cc85807.exeGet hashmaliciousBabadedaBrowse
          • 23.33.40.150
          Setup.exeGet hashmaliciousLummaC, Go InjectorBrowse
          • 23.197.127.21
          Payment Advice - Advice RefGLV626201911]Priority payment Customer_PDF_.exeGet hashmaliciousFormBookBrowse
          • 172.234.222.138

          JA3 Fingerprints

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          1138de370e523e824bbca92d049a3777file.exeGet hashmaliciousBabadedaBrowse
          • 23.1.237.91
          http://cobsaiprologue.gitbook.io/usGet hashmaliciousUnknownBrowse
          • 23.1.237.91
          https://kyo.mjj.mybluehost.me/Metamask-Draga/MT/Get hashmaliciousUnknownBrowse
          • 23.1.237.91
          http://help-mettamskchr.gitbook.io/usGet hashmaliciousUnknownBrowse
          • 23.1.237.91
          https://u8o538bg2.indylatinawrds.com:8443/impact?impact=r.*@e...**.com/Get hashmaliciousHTMLPhisherBrowse
          • 23.1.237.91
          http://freeusps.com/products/detail/17920209Get hashmaliciousUnknownBrowse
          • 23.1.237.91
          https://karanbararwal.github.io/NetflixGet hashmaliciousHTMLPhisherBrowse
          • 23.1.237.91
          file.exeGet hashmaliciousBabadedaBrowse
          • 23.1.237.91
          https://parapara-in29cu5m4-marhokate-gmailcom.vercel.app/?user-agent=mozilla/5.0%20/Get hashmaliciousUnknownBrowse
          • 23.1.237.91
          http://exchange.add-solution.de/owa_ocbcadejsm_form?l293ys9vd2ffb2niy2fkzwpzbv9mb3jtp2wyotn5ct0lm0qvb3dhx29jymnhzgvqc21fzm9ybt9smjkzexm5dmqyzmzimm5petjma3p3chpidjltyjnqdhawd3lvdg56dxqwos9vd2ffb2niy2fkzwpzbv9mb3jtp2wyotn5czl2zdjmzmiybml5mmzrendwemj2ow1im2p0cdb3ew90bnp1dda5bdi5....%20311%20...pzbnjxbwhknxqxcm93bhz1bwrrjtneGet hashmaliciousUnknownBrowse
          • 23.1.237.91
          28a2c9bd18a11de089ef85a160da29e4https://t.salesmatemail.net/email/v1/track?key=239917fe-2129-42a6-9181-826cf2dde4bdGet hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          file.exeGet hashmaliciousBabadedaBrowse
          • 13.85.23.86
          • 184.28.90.27
          http://cadpost-delivery.comGet hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          http://pancakeu.top/Get hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          http://cobsaiprologue.gitbook.io/usGet hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          http://findmy-help-lcloud.com/DpW/Get hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          https://vpjjioou7.indylatinawrds.com:8443/impact?impact=d..**@c.*.comGet hashmaliciousHTMLPhisherBrowse
          • 13.85.23.86
          • 184.28.90.27
          https://13yxw.com/Get hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          https://onedrivedocscom0.godaddysites.com/xzxxxGet hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          https://vangphutai.com/Get hashmaliciousUnknownBrowse
          • 13.85.23.86
          • 184.28.90.27
          fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousBabadedaBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          file.exeGet hashmaliciousBabadedaBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          file.exeGet hashmaliciousBabadedaBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          https://kjhsdfh-capv1.b-cdn.net/sotix-campGet hashmaliciousUnknownBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          rama.exeGet hashmaliciousAmadey, Babadeda, StealcBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          file.exeGet hashmaliciousBabadedaBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          file.exeGet hashmaliciousBabadedaBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          377cc85807.exeGet hashmaliciousBabadedaBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          file.exeGet hashmaliciousBabadedaBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123
          file.exeGet hashmaliciousUnknownBrowse
          • 35.244.181.201
          • 34.149.100.209
          • 34.160.144.191
          • 52.222.236.48
          • 34.120.208.123

          Dropped Files

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)file.exeGet hashmaliciousBabadedaBrowse
            file.exeGet hashmaliciousBabadedaBrowse
              file.exeGet hashmaliciousBabadedaBrowse
                rama.exeGet hashmaliciousAmadey, Babadeda, StealcBrowse
                  file.exeGet hashmaliciousBabadedaBrowse
                    file.exeGet hashmaliciousBabadedaBrowse
                      377cc85807.exeGet hashmaliciousBabadedaBrowse
                        file.exeGet hashmaliciousBabadedaBrowse
                          file.exeGet hashmaliciousUnknownBrowse
                            file.exeGet hashmaliciousUnknownBrowse

                              Created / dropped Files

                              C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_de4e2b1a-fd0c-4d4c-b70e-1d82dda51a8b.json (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):6439
                              Entropy (8bit):5.1364213455325185
                              Encrypted:false
                              SSDEEP:192:7KMXUWJcbhbVbTbfbRbObtbyEznpnSrDtTZdB:7PtcNhnzFSJ7nSrDhZdB
                              MD5:4605F0A6A9FC6642024209848E4BF9D6
                              SHA1:36C932089DC600A293C332BA9FEE89C005FEB242
                              SHA-256:6AAE38C1472E61CF0DE367BF9CFE5EE0EDA9BD9D6CC7ACBF5A7BD57D59EF4254
                              SHA-512:D8286C69CF597F13A5F68382AD4D9A793976F954206A5B911F1E9CEDF7B6598F2BC20BE423C35C8A7D9FFA9D53B575554BECE96FC68371EA9F03042E94D6A5E5
                              Malicious:false
                              Preview:{"type":"uninstall","id":"de4e2b1a-fd0c-4d4c-b70e-1d82dda51a8b","creationDate":"2024-08-19T05:54:56.046Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                              C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_de4e2b1a-fd0c-4d4c-b70e-1d82dda51a8b.json.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):6439
                              Entropy (8bit):5.1364213455325185
                              Encrypted:false
                              SSDEEP:192:7KMXUWJcbhbVbTbfbRbObtbyEznpnSrDtTZdB:7PtcNhnzFSJ7nSrDhZdB
                              MD5:4605F0A6A9FC6642024209848E4BF9D6
                              SHA1:36C932089DC600A293C332BA9FEE89C005FEB242
                              SHA-256:6AAE38C1472E61CF0DE367BF9CFE5EE0EDA9BD9D6CC7ACBF5A7BD57D59EF4254
                              SHA-512:D8286C69CF597F13A5F68382AD4D9A793976F954206A5B911F1E9CEDF7B6598F2BC20BE423C35C8A7D9FFA9D53B575554BECE96FC68371EA9F03042E94D6A5E5
                              Malicious:false
                              Preview:{"type":"uninstall","id":"de4e2b1a-fd0c-4d4c-b70e-1d82dda51a8b","creationDate":"2024-08-19T05:54:56.046Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\17ae81d3-1ba9-4058-94c6-5146f44c6566.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44652
                              Entropy (8bit):6.097252022574875
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBbwuShDO6vP6OWNHNRx1ZufEfcGoup1Xl3jVzXr4z:z/Ps+wsI7yOEn62NHXchu3VlXr4CRo1
                              MD5:CC66AF8D42B087719AB6D1E8E9E09F7C
                              SHA1:030FB3E0BF736438CD261EE60345DC268449D632
                              SHA-256:BE5B3F6768A1FE64D2BDF41759A5AE4CA9F386C96223B24634BA664AA7A7FAA5
                              SHA-512:7FA986A733898256F62022509ED3F5A4DD5F744A591089441C32BF301A9BC9A5B423BE4C44803A02EC67359E5EE35378F49D2035A3215198FD1738D392A0FE90
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1fd72148-782c-49a8-8d30-31012311ab58.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):46164
                              Entropy (8bit):6.089603890932266
                              Encrypted:false
                              SSDEEP:768:mM7X2zt1jKYqHkZeFoQdA7hDO6vP6OWNHNFx1ZufEfKkl73U4gCAo4Goup1Xl3jE:mMSzvKYqsKoQN62NHPE4gRo4hu3VlXry
                              MD5:55E79C6461BB9E9FC17E3428AD310465
                              SHA1:EF8A242F117A21382F870CAE098053F882BA34C5
                              SHA-256:4790FBE2CCD41339D55636802728B16B0D014649F7EC2908FBF0F6370A65AA27
                              SHA-512:83F3B7EE3681BBABDDB46513406A73B690BB7B565631D1E334FD4E93B15C598A4A0AE1A7F4119B45A49C63BA0AB24B0E3D26EDCE742800AC1D5B44950B019EF5
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\337aa073-56f7-438e-8132-e9ce90ac32ab.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):46087
                              Entropy (8bit):6.089659479693686
                              Encrypted:false
                              SSDEEP:768:mM7X2zt1jKYqHkZeM9QdA7hDO6vP6OWNHNRx1ZufEfKkl73U4gCAo4Goup1Xl3jE:mMSzvKYqst9QN62NHXE4gRo4hu3VlXry
                              MD5:F81A5D005A7A64613F880203092E8D75
                              SHA1:5A20A24A1845A0FBAC41EF094971CBEB07E21702
                              SHA-256:70F1EF3E7C57916EE7BD35621EFAFD062C59465DC605CE2EDF9169C1515F279C
                              SHA-512:8F6C6F741CB34BBC57BD6A1B4FA2221016846E66BF6EB86A94DC6E5CF81FD0DD3419510AFBA2045CB9AC625FF74A4B2B8E87C6302275F20A0CFFE91C16D342F2
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\65d6d4c3-5154-47ba-8e81-df67b5574ee6.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):44596
                              Entropy (8bit):6.097159409924627
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuShDO6vP6OWNHNZz1D+EF0ncGoup1Xl3jVzXr2:z/Ps+wsI7ynER62NHKchu3VlXr4CRo1
                              MD5:4AEEBFAB429ABDA94F94CBAF887D5ACF
                              SHA1:982939C1992794BA9A05CF056EFBCD7C318956F3
                              SHA-256:75FFB02A0EC87A164BB96E4DCF8DA14552E09DDA190E2EAFE67781C822ABD608
                              SHA-512:E01E3CDB9068582A022634450147B20E62ED07368855B111F5D83B78B33658FE7A19C2478A6560196AFDF9AD7E6E14BF4574656FA0B779954777B6F3AB374552
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\672fd380-d010-4b57-a3f2-284df421a9e2.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):46164
                              Entropy (8bit):6.089600542165767
                              Encrypted:false
                              SSDEEP:768:mM7X2zt1jKYqHkZeF9QdA7hDO6vP6OWNHNFx1ZufEfKkl73U4gCAo4Goup1Xl3jE:mMSzvKYqsK9QN62NHPE4gRo4hu3VlXry
                              MD5:80E15E156CC59613E1B94E5AED436E5A
                              SHA1:17DE592F8DC4437E06820926B65F7A55943801B4
                              SHA-256:2CA47A0429E5D8430395F17EB17B34968E7293A961515CEA5C835906B5C1EAE3
                              SHA-512:C7486357C81F9373A05DF575587599221141C593DF46C5C7E2723E14B7C1E40879C3A2B44ED19A16ACD87ED0DB55BA7FFBD3151B8F3A9CE8B79ABFB733A3B100
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\67d57258-4406-4205-993c-ea26b35fc7cf.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):45503
                              Entropy (8bit):6.0945574499143875
                              Encrypted:false
                              SSDEEP:768:LDXzgWPsj/qlGJqIY8GB4x9QdA7hDO6vP6OWNHNRx1ZufEfcGoup1Xl3jVzXr4Cz:L/Ps+wsI7yO9QN62NHXchu3VlXr4CRo4
                              MD5:B7F579285F95ACE9E5973A4E855D025A
                              SHA1:2DE1C13B58093B7A9DC0B4BCC5D09C1EDFF39161
                              SHA-256:5B44BA86B797C15C2B8B1051A5DBE9757BD9DEE2A4427F59AEFBC7F0DF76F4CC
                              SHA-512:B9DBE416463267A34462F9965A973F2F4F7E0D6AC640901608FD689A7C1721C47C7C8A34449B561683709DF22141DB6184438A71EC4DF752963D459E14FE069C
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\4dda23fd-3adf-472f-9e5d-0ffab6c3884b.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):107893
                              Entropy (8bit):4.6401317508825155
                              Encrypted:false
                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7S:fwUQC5VwBIiElEd2K57P7S
                              MD5:9D36CB934F7E849DF83EA67B21A710C3
                              SHA1:5CF72ABF57F2CAD2D7C0A4B0EFD195CB63865736
                              SHA-256:1004231F9B51F3EE1A08FF15464D602FB979D63C23642D32FA049A45DAD03D42
                              SHA-512:60D40A11EC31CFD720FFA0114C12A42A3277BFA2341CC1BC74056F710537BCD44054B897481B21465FF08FE068D64DB211346C207D04C6766F528896F5C5EB64
                              Malicious:false
                              Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):107893
                              Entropy (8bit):4.6401317508825155
                              Encrypted:false
                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7S:fwUQC5VwBIiElEd2K57P7S
                              MD5:9D36CB934F7E849DF83EA67B21A710C3
                              SHA1:5CF72ABF57F2CAD2D7C0A4B0EFD195CB63865736
                              SHA-256:1004231F9B51F3EE1A08FF15464D602FB979D63C23642D32FA049A45DAD03D42
                              SHA-512:60D40A11EC31CFD720FFA0114C12A42A3277BFA2341CC1BC74056F710537BCD44054B897481B21465FF08FE068D64DB211346C207D04C6766F528896F5C5EB64
                              Malicious:false
                              Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194304
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3::
                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                              Malicious:false
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194304
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3::
                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                              Malicious:false
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66C2C42D-1F68.pma

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194304
                              Entropy (8bit):0.4817228073259309
                              Encrypted:false
                              SSDEEP:6144:AmC0qyUt+FnkaHube8KWyaeRZcoaHeQc:HFnHV8dT
                              MD5:97F68D9AA63161477D3063781F4C3E46
                              SHA1:99FC3877F2AAA0C34AC9D64B5D17EAE9CD67F641
                              SHA-256:B269B63203CBFF9CA7FA58F8726ED1964861AA0D76D06BF859142ADD329BCFD9
                              SHA-512:E7524188C9A745857D3ECAA8AF8702E993102B292CCA907E61AA8309D434C504DB5575EF1C8F83F199E3691524C3F5E38A12D40447EC40F1A6ACBEBBFE1DEC7B
                              Malicious:false
                              Preview:...@..@...@.....C.].....@...............X...................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".tjppht20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K..>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.........5...... .2.................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):280
                              Entropy (8bit):4.132041621771752
                              Encrypted:false
                              SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                              MD5:845CFA59D6B52BD2E8C24AC83A335C66
                              SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                              SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                              SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                              Malicious:false
                              Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\03a16ec7-0f3b-42d7-8815-4c92467cf612.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:very short file (no magic)
                              Category:dropped
                              Size (bytes):1
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3:L:L
                              MD5:5058F1AF8388633F609CADB75A75DC9D
                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                              Malicious:false
                              Preview:.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\10b55be2-6025-4a38-a403-8c6229784fcc.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):13115
                              Entropy (8bit):5.285399215090844
                              Encrypted:false
                              SSDEEP:192:stNJ99QTryDigabatSuyhsWUrMsZihOlkffk93o8c6bV+FKgQA66WzaFIMYRPeYJ:stNPGKSuasWUrMfhOl86bGtQx6WzaTYZ
                              MD5:C6CE1A17241F35A0F86F5F5ADDD0768D
                              SHA1:01079709BAADC71173847DDDE3C925B37330FAA2
                              SHA-256:7485EFFC65E130BD1F4B29FB7A0F904A560D5D4490871788EFF0DBC1C53102F9
                              SHA-512:99D70D276CF869811828B64775A2F76A1482F527BA615B244A7B0B805713C0E644B253FC6C496E7DCDB19FA022D8AC80BA3F51D71FFCD0F3970D5F536FDAF310
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1389b70f-298e-4145-a11e-9cc151a1f961.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):40503
                              Entropy (8bit):5.560977343475906
                              Encrypted:false
                              SSDEEP:768:tKTFeoS7pLGLv6oWP+Yff6H8F1+UoAYDCx9Tuqh0VfUC9xbog/OVNMvwUmyrwQ3g:tKTFeoqcv6oWP+Yff6Hu1jaAMvjm3Q3g
                              MD5:2F6C7CC5B07E59BF064C3631AFD5D791
                              SHA1:02F7EEB862564E60E6F452C8619EF60428DBECCA
                              SHA-256:1911357AC24EB1E16F9CFF77B5F360806093B2AEEEBCAAC26D4CA70E16719497
                              SHA-512:EBA5C7932605B2C8E5AF7A9D25BC1B0B6EB5B59DE4D0BB86EE9C0282D7E17768D9B7D6F77617830C3D3198904A767FC983EB29D3DC827B8819DA4AFB9F9EAFAE
                              Malicious:false
                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368513837613433","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368513837613433","location":5,"ma

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\44c8c8d3-57d1-41da-8d4b-332bad2109ee.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):9748
                              Entropy (8bit):5.116757890996622
                              Encrypted:false
                              SSDEEP:192:stNkdhsWUrMsZihUk93o8c6bV+FKgQA66WzaFIMYRPeYJ:stNSsWUrMfhA6bGtQx6WzaTYZ
                              MD5:85009BFE302DFBA646C570D72305EAAD
                              SHA1:C08274778790F04E597F2F18DCB3EF4A3BF71E9E
                              SHA-256:5FD4CE96648D8AE705A4AB468F53014CF07EE606C823908C32DC9310CD982FF0
                              SHA-512:6B2999F84946AD7DAD7C658C4F3B8EC74D5431283E2EE0CB48E75AC47B33BAF98E4C8A6D3D0CEBCF9744876731F858394443DA4913A92D74DFC5351701B2FC98
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4ef47196-4ffd-4be8-abb6-aaa447d32e83.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):13114
                              Entropy (8bit):5.285328414167191
                              Encrypted:false
                              SSDEEP:192:stNJ99QTryDigabatSuyhsWUrMsZihOlkffk93o8c6bV+FKgQA66W0aFIMYRPeYJ:stNPGKSuasWUrMfhOl86bGtQx6W0aTYZ
                              MD5:98381C2A5EE90BBC1D77B8AF5EDFDF0E
                              SHA1:320F6270BE912941175FA409F7B9B98A1338B9AD
                              SHA-256:E85897EB38FAFD906AAEE8C83630304027A6CDB4872574DDE4AF5B27DD36FA3C
                              SHA-512:DAE975990C10BA5911FA67047792A0B60965AFB78A7260536FFF36B3D9CED08180D7532C80A44F8AA4BF81E7B629294F656FB13A8B86917E75F7327AB3EB8B65
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\80127e91-ecc1-4427-bc02-83b1369cb51b.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):40504
                              Entropy (8bit):5.560953785881497
                              Encrypted:false
                              SSDEEP:768:tKTFeoS7pLGLv6oWP+YffpH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVNMvwUmyrwQ3Y:tKTFeoqcv6oWP+YffpHu1jaAMvjm3Q3Y
                              MD5:22C8F8265C3C6810AE82D568475B91D3
                              SHA1:B2B6697C3D1CF6ED2B8514C47DB73CDC8386D452
                              SHA-256:9B91B56967D866BE7CE4A7BEDDE93E0DA02D42A311C77D70B24E2F230B1A0DA2
                              SHA-512:0E410ED28A6056998688869964BDF664030EDACF60C565094B484F484163EA9D77A9668CDEF2CB980CC3DAB0FC38DAC4D1348F675E45FAF5D0AF6F0B935B137D
                              Malicious:false
                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368513837613433","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368513837613433","location":5,"ma

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):16
                              Entropy (8bit):3.2743974703476995
                              Encrypted:false
                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                              MD5:46295CAC801E5D4857D09837238A6394
                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                              Malicious:false
                              Preview:MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):33
                              Entropy (8bit):3.5394429593752084
                              Encrypted:false
                              SSDEEP:3:iWstvhYNrkUn:iptAd
                              MD5:F27314DD366903BBC6141EAE524B0FDE
                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                              Malicious:false
                              Preview:...m.................DB_VERSION.1

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):16
                              Entropy (8bit):3.2743974703476995
                              Encrypted:false
                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                              MD5:46295CAC801E5D4857D09837238A6394
                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                              Malicious:false
                              Preview:MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):309
                              Entropy (8bit):5.234029644277912
                              Encrypted:false
                              SSDEEP:6:krqOB1923oH+Tcwtp3hBtB2KLler7M+q2P923oH+Tcwtp3hBWsIFUv:kZMYebp3dFLMnM+v4Yebp3eFUv
                              MD5:2D5AAA55980118D02A4ED0CCAC53F427
                              SHA1:6119D269CCF560FAB3A854595C206AA2207C5C4E
                              SHA-256:A2975F7E9C751094133C13DA23949ED7A58EBCB17E1AB555FF059D36C6B362F8
                              SHA-512:0E751723F29000AD02432688D504807CE304445D1158D35C710081BDA984EA7936EB111A6C98B83949805BDCB7587A96D05E3F594EA22D089DD1D9839F9FA7E2
                              Malicious:false
                              Preview:2024/08/19-00:04:06.731 22fc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/08/19-00:04:06.783 22fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:OpenPGP Secret Key
                              Category:dropped
                              Size (bytes):41
                              Entropy (8bit):4.704993772857998
                              Encrypted:false
                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                              Malicious:false
                              Preview:.|.."....leveldb.BytewiseComparator......

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:modified
                              Size (bytes):2163821
                              Entropy (8bit):5.2228668619497105
                              Encrypted:false
                              SSDEEP:24576:v+/PN8F3fI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Rfx2mjF
                              MD5:9C766C22BC9D192D4753E358A0648B00
                              SHA1:F474422B9A4E68BEBA1F79948505CC77033AFD62
                              SHA-256:3EFECFE7334725D868C5BF737D2A2141B8A0D10B13E22917555487690F786085
                              SHA-512:E1E15F3FA3DB1213DB8FD564986CAFFCBF0F1075B0F26E8855478059EF92672AB294BC2081A315B291A4CEF17400574DCD27C97A7BC7C7F004F9149901149D6D
                              Malicious:false
                              Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):336
                              Entropy (8bit):5.0956512856597636
                              Encrypted:false
                              SSDEEP:6:krs+q2P923oH+Tcwt9Eh1tIFUt8RrLlZZmw+RrRUSHNVkwO923oH+Tcwt9Eh15LJ:klv4Yeb9Eh16FUt8Rv/+RlLT5LYeb9Er
                              MD5:11CD5C2C8C5C8E009B146952BE67B171
                              SHA1:0E4A64F805B6133BBD2487B064E2A01C8B4F0B09
                              SHA-256:4B2334EA2A67764078DA08CA236DE581BC93B9BDD0038471A13D44F6997DAC58
                              SHA-512:F1969AB506B9CC6E2313201A0E73E3E9C57B7DAC7B6D84161C61CB810182128C2328456B220E548C31EB74CF74389D0998E81F1C77D3ED418DA1D75D5441965C
                              Malicious:false
                              Preview:2024/08/19-00:04:09.819 2178 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/19-00:04:09.821 2178 Recovering log #3.2024/08/19-00:04:10.311 2178 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):336
                              Entropy (8bit):5.0956512856597636
                              Encrypted:false
                              SSDEEP:6:krs+q2P923oH+Tcwt9Eh1tIFUt8RrLlZZmw+RrRUSHNVkwO923oH+Tcwt9Eh15LJ:klv4Yeb9Eh16FUt8Rv/+RlLT5LYeb9Er
                              MD5:11CD5C2C8C5C8E009B146952BE67B171
                              SHA1:0E4A64F805B6133BBD2487B064E2A01C8B4F0B09
                              SHA-256:4B2334EA2A67764078DA08CA236DE581BC93B9BDD0038471A13D44F6997DAC58
                              SHA-512:F1969AB506B9CC6E2313201A0E73E3E9C57B7DAC7B6D84161C61CB810182128C2328456B220E548C31EB74CF74389D0998E81F1C77D3ED418DA1D75D5441965C
                              Malicious:false
                              Preview:2024/08/19-00:04:09.819 2178 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/19-00:04:09.821 2178 Recovering log #3.2024/08/19-00:04:10.311 2178 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                              Category:dropped
                              Size (bytes):28672
                              Entropy (8bit):0.46565221499038345
                              Encrypted:false
                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjK:TouQq3qh7z3bY2LNW9WMcUvBo
                              MD5:C58259EF7C711326AEB2191EBCDBEB64
                              SHA1:C962EBD2E17A79B820CBFED2A28BD1078AD72F29
                              SHA-256:82F200DD19A55AEC7A006729DCD317006123542AB9051D2E0F2A666D224B7191
                              SHA-512:7B198EA11A11A05283288B7A28F31B27DF7189294B51E7C10739846234A3ACAC8D5AE997270F9B21F7CF0360EFE9262C5D92B7160251F2000B86342B54C961D5
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                              Category:dropped
                              Size (bytes):10240
                              Entropy (8bit):0.8708334089814068
                              Encrypted:false
                              SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                              MD5:92F9F7F28AB4823C874D79EDF2F582DE
                              SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                              SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                              SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):619431
                              Entropy (8bit):6.0151599625652405
                              Encrypted:false
                              SSDEEP:12288:QTgo0iPKEVJjixsxPfnhf+4jeZO0xrQ7gIV3MjpkU9OTt7sOEUQcka:80QnxPfNljeQGrJQ8yUMThsg7
                              MD5:98B028E4A538CE04013CC99A5C047931
                              SHA1:4F29195B2D29564A43DC8C529B76B8F0C2662F05
                              SHA-256:927EC608114FAAA7F2EA12FB4151F12B59F5A0DAF398E3B68287128E6B13407D
                              SHA-512:2DA4616B9E404A5345BC10F6066E2C16C3A94EA13090DBDEEBCF4943B85DB09D4726D710E99777ABC8B31AEC4BB4D50B3061F8DA5BAB7872E8FC88A6E2471D9A
                              Malicious:false
                              Preview:...m.................DB_VERSION.1.....................BLOOM_FILTER:..%{"numberOfHashFunctions":8,"shiftBase":1,"bloomFilterArraySize":3665256,"primeBases":[5381,5381,5381,5381],"supportedDomains":"uRUnERdVwQcV+I9eF/73wn3vg7J8f5vmEUFKOT2XSnkDADaUw2qNm1F5n7qzCd5R5EWxXYMi54zYUHFM5452bzMtmB4cVCCLxE4ocHbX4tolgVUhJGts/7DHEUeayOfXCzA4UWKs20kJL3zio+LN8s+FEJXvpUJBqqCjvFknzYqEZRZx0j1TCj4aQlNcZQxdAqVub1edaVdXLPT96j97KDhKFY5nxDBURQ885DKRSkLakMTEyzkpbkmCNC3mDP2vp2I/446QNAedCYAbqW1ulHSL/aFWbjHp6kRhuSxM1HUN2DG/Y1SVHeQsLpt/j/wgLqiSSmBX7ujnYt0lttra1MooXr2gRuT0/gtL6oiSubLAoHYHHwZ35i+yoTazAifHyrABKkiiQvw5fNbaBKpXkRjrLiRieyEA7p6xcBiKOygkoP6yzG2Gj9iu4Nh4EPz9VdH+no82hiE0x1Ecu2B8C7AU40JnrNA2XFTYTF2nw2yk9SZROURJluf2lpFlhZAQmH0OfOmLAwGFc4aa4+Rh4AxYzUwtSdk/vtYJ41RIHpkKAfIZ+DVGwUqLtcE7TWbaaOioes2PKcfuFnaxhvzazlyO2AjgJOAj6Era5yBff0fApBAhowpCCeaEnY8fuOBMy9oKw4BJhqmuQxCnH8ZhlYK086gH5T0VXq2wjCWs81h0S5hDMV46c6SJR3yCKFnAQ0sy1LqF65v6Ajf9oe98s4f4XGD0cPeOaijy2dd6ZBZmOLz/aS72UtOECeqZt3IpUVQG7GMM1EaUMNYmCqvWTetAjsNRjmfc4ih

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000004.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):142
                              Entropy (8bit):5.059437341458182
                              Encrypted:false
                              SSDEEP:3:cMt38E28xp4m3rscUSXRC9sGXlf+nETPxpK2x7L7XHZA5qC:cMt38D8xSEsIXRCOS+n0PxEWTeUC
                              MD5:BA28B881695ABB7F99C96530A2C0FD84
                              SHA1:86AEEAF73E3054C53FC22FC52E7E958F68CAF2C7
                              SHA-256:FFC465AC92CD5C01C8D246020198E5FACBDAC5E94D0130CD9559EAFC238A20C8
                              SHA-512:36E309F346429245CED4C85FAE92361B722FAB98A52CCEA340390FEAF63B832EA2C4494B22D7866DE24CADB3E6373775F9610ABFD786791350FD7B4CF44C852C
                              Malicious:false
                              Preview:i. *9................BLOOM_FILTER_EXPIRY_TIME:.1724126646.538438)...G................BLOOM_FILTER_LAST_MODIFIED:.Sun, 18 Aug 2024 21:36:57 GMT

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):619413
                              Entropy (8bit):6.014674214582514
                              Encrypted:false
                              SSDEEP:12288:+Tgm0l8K/VpjibsxPbnhQ+4ieZPtxrQ7g4VrtjpkU9Ojt3s0EUpck+:406AxPb+lie9LrJAZyUMjBseY
                              MD5:79963B6ECA13F9C51C9269CF2861BBBD
                              SHA1:AF8B3AD2BA20B6834E18697CDECB63AAD95AE320
                              SHA-256:3669974FD33A34AE0B3EA03257F2773A0144245072C8432AE312352EC087997B
                              SHA-512:A60310B55ECA5C7861D69AAFB21250AFE9B8A26E06BD28FED07C2574B786B55CA2B86D63EB190FDBAA16EADDED3EA9633BF1C125A3B815FC6D0C3386C07E14E8
                              Malicious:false
                              Preview:....%BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":1,"bloomFilterArraySize":3665256,"primeBases":[5381,5381,5381,5381],"supportedDomains":"uRUnERdVwQcV+I9eF/73wn3vg7J8f5vmEUFKOT2XSnkDADaUw2qNm1F5n7qzCd5R5EWxXYMi54zYUHFM5452bzMtmB4cVCCLxE4ocHbX4tolgVUhJGts/7DHEUeayOfXCzA4UWKs20kJL3zio+LN8s+FEJXvpUJBqqCjvFknzYqEZRZx0j1TCj4aQlNcZQxdAqVub1edaVdXLPT96j97KDhKFY5nxDBURQ885DKRSkLakMTEyzkpbkmCNC3mDP2vp2I/446QNAedCYAbqW1ulHSL/aFWbjHp6kRhuSxM1HUN2DG/Y1SVHeQsLpt/j/wgLqiSSmBX7ujnYt0lttra1MooXr2gRuT0/gtL6oiSubLAoHYHHwZ35i+yoTazAifHyrABKkiiQvw5fNbaBKpXkRjrLiRieyEA7p6xcBiKOygkoP6yzG2Gj9iu4Nh4EPz9VdH+no82hiE0x1Ecu2B8C7AU40JnrNA2XFTYTF2nw2yk9SZROURJluf2lpFlhZAQmH0OfOmLAwGFc4aa4+Rh4AxYzUwtSdk/vtYJ41RIHpkKAfIZ+DVGwUqLtcE7TWbaaOioes2PKcfuFnaxhvzazlyO2AjgJOAj6Era5yBff0fApBAhowpCCeaEnY8fuOBMy9oKw4BJhqmuQxCnH8ZhlYK086gH5T0VXq2wjCWs81h0S5hDMV46c6SJR3yCKFnAQ0sy1LqF65v6Ajf9oe98s4f4XGD0cPeOaijy2dd6ZBZmOLz/aS72UtOECeqZt3IpUVQG7GMM1EaUMNYmCqvWTetAjsNRjmfc4ih1ETEtORln2KA97jaJcBlIUVVB4bk6hOOPw2Hr3w01YL1

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):512
                              Entropy (8bit):5.243949263592558
                              Encrypted:false
                              SSDEEP:12:k+rhbov4Yebn9GFUt8R+rhg/+R+rhI5LYebn95Z9e+f0MCNfgKROh:lhba4Yeb9ig8qhwhSLYeb9zmSh
                              MD5:44FD9512DB8984BEB9575DE448FD6C8F
                              SHA1:B18B05D9A883CAD52DCB7875ABBAFFC4D48ECF08
                              SHA-256:C121F4570EFD2F7E1F73904FC34D93FE35553699ED067866BBFC4822F3096986
                              SHA-512:63D7BEC0A2B61C16CFC1BF32C8620EA1CEEE136E7A83BB0F93A6285C29CEB76EE1E864C86FE6A7190046D7458C0B9C5820813354CAD76BFC5314295D62A6824A
                              Malicious:false
                              Preview:2024/08/19-00:03:57.771 1608 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/19-00:03:57.772 1608 Recovering log #3.2024/08/19-00:03:57.772 1608 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/08/19-00:04:06.562 1644 Level-0 table #5: started.2024/08/19-00:04:06.588 1644 Level-0 table #5: 619413 bytes OK.2024/08/19-00:04:06.590 1644 Delete type=0 #3.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):512
                              Entropy (8bit):5.243949263592558
                              Encrypted:false
                              SSDEEP:12:k+rhbov4Yebn9GFUt8R+rhg/+R+rhI5LYebn95Z9e+f0MCNfgKROh:lhba4Yeb9ig8qhwhSLYeb9zmSh
                              MD5:44FD9512DB8984BEB9575DE448FD6C8F
                              SHA1:B18B05D9A883CAD52DCB7875ABBAFFC4D48ECF08
                              SHA-256:C121F4570EFD2F7E1F73904FC34D93FE35553699ED067866BBFC4822F3096986
                              SHA-512:63D7BEC0A2B61C16CFC1BF32C8620EA1CEEE136E7A83BB0F93A6285C29CEB76EE1E864C86FE6A7190046D7458C0B9C5820813354CAD76BFC5314295D62A6824A
                              Malicious:false
                              Preview:2024/08/19-00:03:57.771 1608 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/19-00:03:57.772 1608 Recovering log #3.2024/08/19-00:03:57.772 1608 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/08/19-00:04:06.562 1644 Level-0 table #5: started.2024/08/19-00:04:06.588 1644 Level-0 table #5: 619413 bytes OK.2024/08/19-00:04:06.590 1644 Delete type=0 #3.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:OpenPGP Secret Key
                              Category:dropped
                              Size (bytes):103
                              Entropy (8bit):5.229063063257529
                              Encrypted:false
                              SSDEEP:3:scoBAIxQRDKIVjQlknhFhin1VTxFxN3erkEtl:scoBY7jQlknQ1VTxFDkHl
                              MD5:21639C3D1525A557B1695E11DED78BD1
                              SHA1:2C080E1A5CF2D7F9931CCA11B9788BE588BC3822
                              SHA-256:BED8DE0A24EBACFCA92F89111D940B62313D54456264CAE3E641CBA43BE544DE
                              SHA-512:12E43A7A8712C952DF24FEE5C94CA92FC29A650486ED8E8813271D4DF6C94D4BA06EA769286CBBBCA2074372DAD895456893228DC3F9616319B34D6DC3D38D13
                              Malicious:false
                              Preview:.|.."....leveldb.BytewiseComparator......m...7...............%.BLOOM_FILTER:.........DB_VERSION........

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                              Category:dropped
                              Size (bytes):20480
                              Entropy (8bit):0.6128843528340766
                              Encrypted:false
                              SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mW6MAqoiZ7dV:TLapR+DDNzWjJ0npnyXKUO8+jbpxmL
                              MD5:8ABA10374F5CB42806DAE1122D03C04A
                              SHA1:B8AD47D28B991036F2D536F37A36E8651884CBEE
                              SHA-256:42543C727A05D2FE28F9083E63449FB1AE05D23ABAACE4938D5188BCA95A7749
                              SHA-512:A19B5605A7391AC332AB4D90551A9AD1FC2B9D49BF460CB4038784D61331B348A68DAC5AD946399F8807F618261C4B053BF8B001C854CB32DFEFB9CFC22885FC
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):16
                              Entropy (8bit):3.2743974703476995
                              Encrypted:false
                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                              MD5:46295CAC801E5D4857D09837238A6394
                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                              Malicious:false
                              Preview:MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):375520
                              Entropy (8bit):5.35409625577237
                              Encrypted:false
                              SSDEEP:6144:bA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:bFdMyq49tEndBuHltBfdK5WNbsVEziPU
                              MD5:05588485D8D1B4343806C749D01B860F
                              SHA1:95A1E79BA8A1511F4069AA46A8EC659F302ADD3B
                              SHA-256:6BE92E2AE10837E7E8FCB1541629FC6738E139D328061B546E066748E3A37B74
                              SHA-512:0EB73E711DF15D825C65EF97F4591E7D016A47AFB5A8AB4A3FD769DE762C45700AFA413CBBE241E0D8B0B5929A3908FDFA435DE9D389C0C6458FE130BFFAB50B
                              Malicious:false
                              Preview:...m.................DB_VERSION.1?.U.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13368513850815357..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):16
                              Entropy (8bit):3.2743974703476995
                              Encrypted:false
                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                              MD5:46295CAC801E5D4857D09837238A6394
                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                              Malicious:false
                              Preview:MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):311
                              Entropy (8bit):5.126140183926106
                              Encrypted:false
                              SSDEEP:6:kr4BR1923oH+Tcwtk2WwnvB2KLleryL+q2P923oH+Tcwtk2WwnvIFUv:kfYebkxwnvFLMK+v4YebkxwnQFUv
                              MD5:CC1EE906C8C8D33EABAFF1FA957B22CE
                              SHA1:2CEE41278CE243B9009EFC449C861BA6ECF62F85
                              SHA-256:12ED9A501395EE070BBC9B0EB1E273D59EF39AA7BA7F6162018D0CF1495ABE8F
                              SHA-512:A437E645D1777D56FBA77B422E9C7EEF09E88615A37C941DEDEFAE066FBA2674E2328963D8AF14BF3BEB14A15D1815224631951958C3A25EE2156FBB3B922ABB
                              Malicious:false
                              Preview:2024/08/19-00:04:09.837 203c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/08/19-00:04:10.040 203c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:OpenPGP Secret Key
                              Category:dropped
                              Size (bytes):41
                              Entropy (8bit):4.704993772857998
                              Encrypted:false
                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                              Malicious:false
                              Preview:.|.."....leveldb.BytewiseComparator......

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):358860
                              Entropy (8bit):5.324602082543614
                              Encrypted:false
                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R+:C1gAg1zfv2
                              MD5:921E5CA8DC1A67C57D09C13B09A560B3
                              SHA1:B185792FDFC250A6BACF55787B800FA8505C1BA1
                              SHA-256:687D6970D4C0D3F0087415BEE0AAC0C70EE6B9C86EC4407AFC01AAFE44932B39
                              SHA-512:FF188262076860D1C868CC64B5E1465CC2842E49783C1DC38F1BA1DD2F9C8743620B81908CEADA97C91073E8AC5D8D2CEC672F5867CB0B2587DDBB4E73661234
                              Malicious:false
                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):418
                              Entropy (8bit):1.8784775129881184
                              Encrypted:false
                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                              Malicious:false
                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):321
                              Entropy (8bit):5.163796918515749
                              Encrypted:false
                              SSDEEP:6:k+rvvIq2P923oH+Tcwt8aPrqIFUt8R+rTZmw+R+rJkwO923oH+Tcwt8amLJ:k+rXIv4YebL3FUt8R+rT/+R+rJ5LYebc
                              MD5:69185A0A466D93BABF3937D7D6483EE9
                              SHA1:931FED14655EB807577912B00ABA0472F10C2957
                              SHA-256:20E34F7E74AF0F2FA90EB6D8D0426A5801C3EDE519CD866BB6025567402A746B
                              SHA-512:FB33CBC9DCC8EF4CE7DF98E9F9C20B9E9A40E832A88777CB52568F44852A579C28E0ACEBED89138CB13BA3F2471F33794C2FB50000BB3A382E2C05EAB2E9E617
                              Malicious:false
                              Preview:2024/08/19-00:03:57.698 140 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/19-00:03:57.704 140 Recovering log #3.2024/08/19-00:03:57.704 140 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):321
                              Entropy (8bit):5.163796918515749
                              Encrypted:false
                              SSDEEP:6:k+rvvIq2P923oH+Tcwt8aPrqIFUt8R+rTZmw+R+rJkwO923oH+Tcwt8amLJ:k+rXIv4YebL3FUt8R+rT/+R+rJ5LYebc
                              MD5:69185A0A466D93BABF3937D7D6483EE9
                              SHA1:931FED14655EB807577912B00ABA0472F10C2957
                              SHA-256:20E34F7E74AF0F2FA90EB6D8D0426A5801C3EDE519CD866BB6025567402A746B
                              SHA-512:FB33CBC9DCC8EF4CE7DF98E9F9C20B9E9A40E832A88777CB52568F44852A579C28E0ACEBED89138CB13BA3F2471F33794C2FB50000BB3A382E2C05EAB2E9E617
                              Malicious:false
                              Preview:2024/08/19-00:03:57.698 140 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/19-00:03:57.704 140 Recovering log #3.2024/08/19-00:03:57.704 140 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):418
                              Entropy (8bit):1.8784775129881184
                              Encrypted:false
                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                              Malicious:false
                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):325
                              Entropy (8bit):5.159116249185943
                              Encrypted:false
                              SSDEEP:6:k+rRIAq2P923oH+Tcwt865IFUt8R+rnAXZmw+R+rnhFkwO923oH+Tcwt86+ULJ:k+rjv4Yeb/WFUt8R+rAX/+R+rhF5LYev
                              MD5:B720582B3130561477C59284CFFE10CC
                              SHA1:B2F3CCDC888CDC0BB307211058A1534E4E5F0FEF
                              SHA-256:9A0BFA685EB940E079BB6224D53A2323875C8F17EA4C2F068D1CA6AC607B20E8
                              SHA-512:4FAF3283447D2073E770C53AA58DE29D12758E18711C57FE32D4AE7CE15CD59E4DF8D4A87C0BA5D526537059C80C16F3FA43565B7C9433EB31050D5039CA63A7
                              Malicious:false
                              Preview:2024/08/19-00:03:57.709 140 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/19-00:03:57.710 140 Recovering log #3.2024/08/19-00:03:57.711 140 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):325
                              Entropy (8bit):5.159116249185943
                              Encrypted:false
                              SSDEEP:6:k+rRIAq2P923oH+Tcwt865IFUt8R+rnAXZmw+R+rnhFkwO923oH+Tcwt86+ULJ:k+rjv4Yeb/WFUt8R+rAX/+R+rhF5LYev
                              MD5:B720582B3130561477C59284CFFE10CC
                              SHA1:B2F3CCDC888CDC0BB307211058A1534E4E5F0FEF
                              SHA-256:9A0BFA685EB940E079BB6224D53A2323875C8F17EA4C2F068D1CA6AC607B20E8
                              SHA-512:4FAF3283447D2073E770C53AA58DE29D12758E18711C57FE32D4AE7CE15CD59E4DF8D4A87C0BA5D526537059C80C16F3FA43565B7C9433EB31050D5039CA63A7
                              Malicious:false
                              Preview:2024/08/19-00:03:57.709 140 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/19-00:03:57.710 140 Recovering log #3.2024/08/19-00:03:57.711 140 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1254
                              Entropy (8bit):1.8784775129881184
                              Encrypted:false
                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                              MD5:826B4C0003ABB7604485322423C5212A
                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                              Malicious:false
                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):324
                              Entropy (8bit):5.155189775066253
                              Encrypted:false
                              SSDEEP:6:k+F8+q2P923oH+Tcwt8NIFUt8R+F8Zmw+R+FMFsVkwO923oH+Tcwt8+eLJ:k+fv4YebpFUt8R+S/+R+mM5LYebqJ
                              MD5:410043E6C1155CD80C1DD01A7C14E814
                              SHA1:811C1079D8234E91E82A0375703F472A510F9C22
                              SHA-256:D2389C2A28201026BEADF4410F7F5D4FC45282C0DCD508EAD77E506021006C8A
                              SHA-512:D396A6073017EADCA03544CC6E0386452ACE63F761AB117A2E6C54CC4CB20102511F06FC0CE797AD5CDDFF5DC5F349D27C4C3376D6914800791C6A31A070EBAD
                              Malicious:false
                              Preview:2024/08/19-00:03:59.534 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/19-00:03:59.534 1ff8 Recovering log #3.2024/08/19-00:03:59.535 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):324
                              Entropy (8bit):5.155189775066253
                              Encrypted:false
                              SSDEEP:6:k+F8+q2P923oH+Tcwt8NIFUt8R+F8Zmw+R+FMFsVkwO923oH+Tcwt8+eLJ:k+fv4YebpFUt8R+S/+R+mM5LYebqJ
                              MD5:410043E6C1155CD80C1DD01A7C14E814
                              SHA1:811C1079D8234E91E82A0375703F472A510F9C22
                              SHA-256:D2389C2A28201026BEADF4410F7F5D4FC45282C0DCD508EAD77E506021006C8A
                              SHA-512:D396A6073017EADCA03544CC6E0386452ACE63F761AB117A2E6C54CC4CB20102511F06FC0CE797AD5CDDFF5DC5F349D27C4C3376D6914800791C6A31A070EBAD
                              Malicious:false
                              Preview:2024/08/19-00:03:59.534 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/19-00:03:59.534 1ff8 Recovering log #3.2024/08/19-00:03:59.535 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):429
                              Entropy (8bit):5.809210454117189
                              Encrypted:false
                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                              MD5:5D1D9020CCEFD76CA661902E0C229087
                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                              Malicious:false
                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                              Category:dropped
                              Size (bytes):20480
                              Entropy (8bit):2.4460246136102346
                              Encrypted:false
                              SSDEEP:96:0BCyMbeZelS9nsH4/Aztc5uuoKwnvxjI7:mNMbe9sHXzC5Po1nJM7
                              MD5:95A2545E9F16DB8CDF6D8A45D03CFD3E
                              SHA1:09F238646A4ED35C06C2906076A9DA5689E5248D
                              SHA-256:06F32863CBA42AF7E395F8D7015EC247F18D4CE423E0BCC0AADAA5954A525D3B
                              SHA-512:CE3973EF9348BFA02ADE4A9CF4144FAAA931773CD192B4CB3CA37423CF35011F7577DD0B95B03879012E89BD74A3B4B8249C16908D3778567ABABEEDFD967C1A
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                              Category:dropped
                              Size (bytes):155648
                              Entropy (8bit):0.6775113703150034
                              Encrypted:false
                              SSDEEP:96:1w4mKhEWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEpMDDzs:1w4N9hH+bDo3iN0Z2TVJkXBBE3yblDzs
                              MD5:C9F5394B3EAA4B668AEBBBC7170957D2
                              SHA1:6F4976E6A7E05E4662E5B7335086F5D1324EF2B7
                              SHA-256:A44FB644B2AF67991E7CE873CD936C4AA66F749AEBABEFEA363E3ACAC6B0E88C
                              SHA-512:A025EEE2E508D07B76803AFEF7AA457CD4BFA282C93708EE36AC2137E65B0259935620B81DEAF19160832AB36AC182EBB839CED2DAE473CF59797B4DBFFD94D0
                              Malicious:false
                              Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):0.21785642788036433
                              Encrypted:false
                              SSDEEP:3:FlntFlljq7A/mhWJFuQ3yy7IOWUFt5Kl/dweytllrE9SFcTp4AGbNCV9RUIeR:E75fOXKl/d0Xi99pEYMR
                              MD5:3FDE5235321C10D85995E375D4E85FE9
                              SHA1:F4EA56B5D3DCB7F52BF1CC056B716054556446DE
                              SHA-256:DAB025F9E6004202CB228AD3E7BE4FB1A3CF7DF8C8377EB2915A561F959AA3B7
                              SHA-512:3485A76005C51AA5A700F3D542935524B7D0F0C3372BB8EB971076FE859F000FB80713EF27BE01CCD31A9F540B8BEBB80362D937C6AEB9F42712FCA5C43CE84B
                              Malicious:false
                              Preview:............_.H....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                              Category:dropped
                              Size (bytes):115717
                              Entropy (8bit):5.183660917461099
                              Encrypted:false
                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                              Malicious:false
                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                              Category:dropped
                              Size (bytes):49152
                              Entropy (8bit):3.6481262007522295
                              Encrypted:false
                              SSDEEP:384:aj9P0LEcAjlrP/KbtpQkQerE773pL9hCgam6ItRKToaAu:adyKlrP/se2E7Pv9RKcC
                              MD5:DF0D2FCFE368ECEEB78C13B004DAEDBD
                              SHA1:1E9121546F3F0758130C2A37F274C56BCE00B702
                              SHA-256:91ED1A0AB9A23419FBD76C4A2435EDC1CCBAB5FC481528342F34159558CA8ABB
                              SHA-512:13179A41D9084C4778EFD801A91E2D18B87C5BA662BF08170564DEB9742BD0F93B00D538413B6E6A8D38171E7EFC190E17EAB09C3B396835FC02E9F6A2E5E474
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):408
                              Entropy (8bit):5.243092134952294
                              Encrypted:false
                              SSDEEP:12:kJOv4Yeb8rcHEZrELFUt8Ry/+R+5LYeb8rcHEZrEZSJ:gM4Yeb8nZrExg8cLYeb8nZrEZe
                              MD5:77432217B3A76450534995E89A30472A
                              SHA1:800946DBE21EDAB5F701C0DA5922C935B3C65A66
                              SHA-256:18055BC2B5E788161569F35C6E2B7D4E4B608B2BFCCFAC5EDF12B7B1DE0DF4B4
                              SHA-512:D2E90CF2501D2031A03831604EBFBE8463485F59066FA4C93B998ACBC8702B6A2C11EFBE91D91E95734532AAE59C138110AAFD1736C099E62C2098D4D18F3517
                              Malicious:false
                              Preview:2024/08/19-00:04:06.360 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/19-00:04:06.361 1ff8 Recovering log #3.2024/08/19-00:04:06.361 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):408
                              Entropy (8bit):5.243092134952294
                              Encrypted:false
                              SSDEEP:12:kJOv4Yeb8rcHEZrELFUt8Ry/+R+5LYeb8rcHEZrEZSJ:gM4Yeb8nZrExg8cLYeb8nZrEZe
                              MD5:77432217B3A76450534995E89A30472A
                              SHA1:800946DBE21EDAB5F701C0DA5922C935B3C65A66
                              SHA-256:18055BC2B5E788161569F35C6E2B7D4E4B608B2BFCCFAC5EDF12B7B1DE0DF4B4
                              SHA-512:D2E90CF2501D2031A03831604EBFBE8463485F59066FA4C93B998ACBC8702B6A2C11EFBE91D91E95734532AAE59C138110AAFD1736C099E62C2098D4D18F3517
                              Malicious:false
                              Preview:2024/08/19-00:04:06.360 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/19-00:04:06.361 1ff8 Recovering log #3.2024/08/19-00:04:06.361 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):336
                              Entropy (8bit):5.109027486386108
                              Encrypted:false
                              SSDEEP:6:k+FtVROq2P923oH+Tcwt8a2jMGIFUt8R+FQZmw+R+F9WhkwO923oH+Tcwt8a2jM4:k+TVMv4Yeb8EFUt8R+e/+R+PWh5LYebw
                              MD5:D5BE7EBBC16C366477F5208DC0F9273B
                              SHA1:A328505962A970477A1B8763445BDEC940AAD961
                              SHA-256:6144AB3B295F2BC66F15D127E7FFE50CADDF32EEB8FE422C48D659E12A0FECB4
                              SHA-512:3ED998DD926108831158D2873775D18697B8D057D57865807608864A16934F9D734EE1272ED00120A8E1E385547024FAE2BB29EBB8D38D5484CDF684F43F1FC7
                              Malicious:false
                              Preview:2024/08/19-00:03:59.017 2004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/19-00:03:59.018 2004 Recovering log #3.2024/08/19-00:03:59.025 2004 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):336
                              Entropy (8bit):5.109027486386108
                              Encrypted:false
                              SSDEEP:6:k+FtVROq2P923oH+Tcwt8a2jMGIFUt8R+FQZmw+R+F9WhkwO923oH+Tcwt8a2jM4:k+TVMv4Yeb8EFUt8R+e/+R+PWh5LYebw
                              MD5:D5BE7EBBC16C366477F5208DC0F9273B
                              SHA1:A328505962A970477A1B8763445BDEC940AAD961
                              SHA-256:6144AB3B295F2BC66F15D127E7FFE50CADDF32EEB8FE422C48D659E12A0FECB4
                              SHA-512:3ED998DD926108831158D2873775D18697B8D057D57865807608864A16934F9D734EE1272ED00120A8E1E385547024FAE2BB29EBB8D38D5484CDF684F43F1FC7
                              Malicious:false
                              Preview:2024/08/19-00:03:59.017 2004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/19-00:03:59.018 2004 Recovering log #3.2024/08/19-00:03:59.025 2004 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\MediaDeviceSalts

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                              Category:dropped
                              Size (bytes):24576
                              Entropy (8bit):0.4036245642026203
                              Encrypted:false
                              SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IzPbadg:TxKX0wxORAmA/U1cEB5ISdg
                              MD5:41EE71F6063B030759E0E6D21992531D
                              SHA1:3E1CBA7E7B7EEAC3ADFDD6463F6115A6ECD1D791
                              SHA-256:2B3B1D9026C5C3450C8522C84E026F8FB218E9868937302CAB38971569CD785A
                              SHA-512:CD2EAC387026DE73F4B81C6771A4D88B430B0C125FFFF085BB1D3423208C391B4BA933F031830DCFC6662486D2533A6989AB9E12BFDF77AF30E6E6E3D0DBAC36
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g...p."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0abac26e-d134-4098-b71e-abc5cfd9bf8e.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\285c484f-a17e-4bf0-9303-602f6301dffd.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\60402f3b-2634-4a93-81ae-032f6e1b607f.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\61a55edd-7a88-4bd8-afc5-9a8c9db48980.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\718f13b6-c5d8-4466-bf0e-c5e4d816fd83.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):188
                              Entropy (8bit):5.311859578857846
                              Encrypted:false
                              SSDEEP:3:YWRAWNj2SbQBXMcJY8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqY4:YWyWNCjBXd1Bv31dB8wXwlmUUAnIMp5f
                              MD5:EE35B8B0FAA5501012B1BAA4D2F1FC5E
                              SHA1:E3BA1B875A1C7F59D5FAE0FA1B51E39FCDEB5ED3
                              SHA-256:E72A31C8CDAB63A0D68336C754A69B216E9E289E431AF912C2837E3FF1AA345A
                              SHA-512:CE6346E6A54918C3F241CAC2CDF98DDE2CBF85F13EB20B17BA0AEFA1CCA9B4195930F8F381C35D51603C3A7E33B2CF1ADB75E4EB1766E7B72A4748820FF7D8B6
                              Malicious:false
                              Preview:{"sts":[{"expiry":1755576250.235299,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724040250.235304}],"version":2}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\752cba57-e283-4368-a929-6b98957a8850.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2949
                              Entropy (8bit):5.312694107514592
                              Encrypted:false
                              SSDEEP:48:YcgCzsmtsCgsxfcKsyWaZleeEslGf4kBRsk/+Hdsw+HzstOW+HDessCxbx9+:FtNp2aZkeUf4kBB/4H4MV4aAV9+
                              MD5:4C82578E4D60A1E4348E8D4ADA895418
                              SHA1:5EF50D0ACD5AC200B08EE68AF7E8468673426AB7
                              SHA-256:45E645600B0C68F6F62FECE92FFC005A284C45DFE4A5C7BBA9D90BEC14E99231
                              SHA-512:8B7D5117EB37D29B0E8D08D21D6D3B724ACF6B53325661C43B44EE5E44A4663791AC8C819159C91047C77DEF0301BCE1D416B49094AAA5058574868A7D439881
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105842452118","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105844849404","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105847732292","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"133711058

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\79a0d0e0-acf5-467d-b35d-c0b74469780b.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):40
                              Entropy (8bit):4.1275671571169275
                              Encrypted:false
                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                              MD5:20D4B8FA017A12A108C87F540836E250
                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                              Malicious:false
                              Preview:{"SDCH":{"dictionaries":{},"version":2}}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\8a69f01f-58b2-4c68-b119-5406718e0aa8.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):188
                              Entropy (8bit):5.309920600258908
                              Encrypted:false
                              SSDEEP:3:YWRAWNj2SaKEOQJXPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYVRF:YWyWNCTnXBv31dB8wXwlmUUAnIMp5YVb
                              MD5:5A883C8C93BAD4B9A72B365A965CCDFE
                              SHA1:CFF394DB26D9F1A930CCE11CDFD0AA093D73C55E
                              SHA-256:60B1DC32CA0F4278DB4B6DC5C81E2B2CCA18C7DFCDCA093E1245A7AFDAA1D13B
                              SHA-512:F811C68B782E1D16B059F0C55914046411A30DCA5DCE4A9172FF0E07E764BB48147C4EFC3C37CACC9C3CC6B06D4000FD2C88FBBBBF623A6DED720FC612D1D297
                              Malicious:false
                              Preview:{"sts":[{"expiry":1755576310.212895,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724040310.212901}],"version":2}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                              Category:dropped
                              Size (bytes):20480
                              Entropy (8bit):1.0876595720717472
                              Encrypted:false
                              SSDEEP:48:T2dKLopF+SawLUO1Xj8BjpdCpHo3VzgK+nP4OFyPr:ige+Auj/Azcr
                              MD5:517934EB0B42B3E73E95FD61E0401A69
                              SHA1:E5B8DB1C7BDBA5F0094E79CF6585E6B10E8E3FAE
                              SHA-256:2C01A5C59BBAAB56907327FAA1333EE5638EA8F0B558FFA5F74CDDCC9A379E15
                              SHA-512:4B483F362F74E7FB529E45B7326D46343B64D917B812B730FF86A54D5F25FF9F877334CF82970EF700814CB81DB76F6BA4AB007A7E54FFAE84FB575D591E7E66
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2949
                              Entropy (8bit):5.312694107514592
                              Encrypted:false
                              SSDEEP:48:YcgCzsmtsCgsxfcKsyWaZleeEslGf4kBRsk/+Hdsw+HzstOW+HDessCxbx9+:FtNp2aZkeUf4kBB/4H4MV4aAV9+
                              MD5:4C82578E4D60A1E4348E8D4ADA895418
                              SHA1:5EF50D0ACD5AC200B08EE68AF7E8468673426AB7
                              SHA-256:45E645600B0C68F6F62FECE92FFC005A284C45DFE4A5C7BBA9D90BEC14E99231
                              SHA-512:8B7D5117EB37D29B0E8D08D21D6D3B724ACF6B53325661C43B44EE5E44A4663791AC8C819159C91047C77DEF0301BCE1D416B49094AAA5058574868A7D439881
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105842452118","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105844849404","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371105847732292","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"133711058

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                              Category:dropped
                              Size (bytes):36864
                              Entropy (8bit):1.3308149318117874
                              Encrypted:false
                              SSDEEP:96:uIEumQv8m1ccnvS6QDo2dQF2YQ9UZy1mRVkI:uIEumQv8m1ccnvS6N282rUZyAd
                              MD5:4D3A878115D577B420AB2D49CF0E721D
                              SHA1:591E7EED8277CE2B5931FB9F5427687495DB9A47
                              SHA-256:1A611CC684D46EB333D7E2BE586ED9BC8520FAAEDC346E49FE8ADB3FA07BAFF5
                              SHA-512:9A85BB6EBA9B390AED369959CA2ED111AB35B43795CD06BB27CC91BA3E8D9C480FD0A520E44F7B5D3FD039FB2F1B7D60D754E6B3DA280E4926741E5714DEF3E7
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF34fb7.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF35ae3.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3686f.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):40
                              Entropy (8bit):4.1275671571169275
                              Encrypted:false
                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                              MD5:20D4B8FA017A12A108C87F540836E250
                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                              Malicious:false
                              Preview:{"SDCH":{"dictionaries":{},"version":2}}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):188
                              Entropy (8bit):5.311859578857846
                              Encrypted:false
                              SSDEEP:3:YWRAWNj2SbQBXMcJY8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqY4:YWyWNCjBXd1Bv31dB8wXwlmUUAnIMp5f
                              MD5:EE35B8B0FAA5501012B1BAA4D2F1FC5E
                              SHA1:E3BA1B875A1C7F59D5FAE0FA1B51E39FCDEB5ED3
                              SHA-256:E72A31C8CDAB63A0D68336C754A69B216E9E289E431AF912C2837E3FF1AA345A
                              SHA-512:CE6346E6A54918C3F241CAC2CDF98DDE2CBF85F13EB20B17BA0AEFA1CCA9B4195930F8F381C35D51603C3A7E33B2CF1ADB75E4EB1766E7B72A4748820FF7D8B6
                              Malicious:false
                              Preview:{"sts":[{"expiry":1755576250.235299,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724040250.235304}],"version":2}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF462cd.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):188
                              Entropy (8bit):5.311859578857846
                              Encrypted:false
                              SSDEEP:3:YWRAWNj2SbQBXMcJY8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqY4:YWyWNCjBXd1Bv31dB8wXwlmUUAnIMp5f
                              MD5:EE35B8B0FAA5501012B1BAA4D2F1FC5E
                              SHA1:E3BA1B875A1C7F59D5FAE0FA1B51E39FCDEB5ED3
                              SHA-256:E72A31C8CDAB63A0D68336C754A69B216E9E289E431AF912C2837E3FF1AA345A
                              SHA-512:CE6346E6A54918C3F241CAC2CDF98DDE2CBF85F13EB20B17BA0AEFA1CCA9B4195930F8F381C35D51603C3A7E33B2CF1ADB75E4EB1766E7B72A4748820FF7D8B6
                              Malicious:false
                              Preview:{"sts":[{"expiry":1755576250.235299,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724040250.235304}],"version":2}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                              Category:dropped
                              Size (bytes):20480
                              Entropy (8bit):0.8307038620100359
                              Encrypted:false
                              SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                              MD5:B18967139991D9CA13DF7E493540A358
                              SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                              SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                              SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):9748
                              Entropy (8bit):5.116757890996622
                              Encrypted:false
                              SSDEEP:192:stNkdhsWUrMsZihUk93o8c6bV+FKgQA66WzaFIMYRPeYJ:stNSsWUrMfhA6bGtQx6WzaTYZ
                              MD5:85009BFE302DFBA646C570D72305EAAD
                              SHA1:C08274778790F04E597F2F18DCB3EF4A3BF71E9E
                              SHA-256:5FD4CE96648D8AE705A4AB468F53014CF07EE606C823908C32DC9310CD982FF0
                              SHA-512:6B2999F84946AD7DAD7C658C4F3B8EC74D5431283E2EE0CB48E75AC47B33BAF98E4C8A6D3D0CEBCF9744876731F858394443DA4913A92D74DFC5351701B2FC98
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF379b5.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):9748
                              Entropy (8bit):5.116757890996622
                              Encrypted:false
                              SSDEEP:192:stNkdhsWUrMsZihUk93o8c6bV+FKgQA66WzaFIMYRPeYJ:stNSsWUrMfhA6bGtQx6WzaTYZ
                              MD5:85009BFE302DFBA646C570D72305EAAD
                              SHA1:C08274778790F04E597F2F18DCB3EF4A3BF71E9E
                              SHA-256:5FD4CE96648D8AE705A4AB468F53014CF07EE606C823908C32DC9310CD982FF0
                              SHA-512:6B2999F84946AD7DAD7C658C4F3B8EC74D5431283E2EE0CB48E75AC47B33BAF98E4C8A6D3D0CEBCF9744876731F858394443DA4913A92D74DFC5351701B2FC98
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3bc6b.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):9748
                              Entropy (8bit):5.116757890996622
                              Encrypted:false
                              SSDEEP:192:stNkdhsWUrMsZihUk93o8c6bV+FKgQA66WzaFIMYRPeYJ:stNSsWUrMfhA6bGtQx6WzaTYZ
                              MD5:85009BFE302DFBA646C570D72305EAAD
                              SHA1:C08274778790F04E597F2F18DCB3EF4A3BF71E9E
                              SHA-256:5FD4CE96648D8AE705A4AB468F53014CF07EE606C823908C32DC9310CD982FF0
                              SHA-512:6B2999F84946AD7DAD7C658C4F3B8EC74D5431283E2EE0CB48E75AC47B33BAF98E4C8A6D3D0CEBCF9744876731F858394443DA4913A92D74DFC5351701B2FC98
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f648.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):9748
                              Entropy (8bit):5.116757890996622
                              Encrypted:false
                              SSDEEP:192:stNkdhsWUrMsZihUk93o8c6bV+FKgQA66WzaFIMYRPeYJ:stNSsWUrMfhA6bGtQx6WzaTYZ
                              MD5:85009BFE302DFBA646C570D72305EAAD
                              SHA1:C08274778790F04E597F2F18DCB3EF4A3BF71E9E
                              SHA-256:5FD4CE96648D8AE705A4AB468F53014CF07EE606C823908C32DC9310CD982FF0
                              SHA-512:6B2999F84946AD7DAD7C658C4F3B8EC74D5431283E2EE0CB48E75AC47B33BAF98E4C8A6D3D0CEBCF9744876731F858394443DA4913A92D74DFC5351701B2FC98
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF431bb.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):9748
                              Entropy (8bit):5.116757890996622
                              Encrypted:false
                              SSDEEP:192:stNkdhsWUrMsZihUk93o8c6bV+FKgQA66WzaFIMYRPeYJ:stNSsWUrMfhA6bGtQx6WzaTYZ
                              MD5:85009BFE302DFBA646C570D72305EAAD
                              SHA1:C08274778790F04E597F2F18DCB3EF4A3BF71E9E
                              SHA-256:5FD4CE96648D8AE705A4AB468F53014CF07EE606C823908C32DC9310CD982FF0
                              SHA-512:6B2999F84946AD7DAD7C658C4F3B8EC74D5431283E2EE0CB48E75AC47B33BAF98E4C8A6D3D0CEBCF9744876731F858394443DA4913A92D74DFC5351701B2FC98
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000001.dbtmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):16
                              Entropy (8bit):3.2743974703476995
                              Encrypted:false
                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                              MD5:46295CAC801E5D4857D09837238A6394
                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                              Malicious:false
                              Preview:MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:modified
                              Size (bytes):83572
                              Entropy (8bit):5.664137520454199
                              Encrypted:false
                              SSDEEP:1536:kL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:kL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                              MD5:319C56977B3163924846FF0AC944D5E9
                              SHA1:D79152B9C4723441EC4C33A52564F1FB339E16F7
                              SHA-256:42CD681F6102AF52C5269C1E00603A3A799E5E4BC664E3589EC6C49FE7E394BD
                              SHA-512:A013DA38701ED95C914B6EA57C2EC28DAE9A2F546A9E17FFD3E7867CBF73E4A45C305671F8F3BFF01ED10F76AC63F410AABD592104E1E9B2BE4511337439F06B
                              Malicious:false
                              Preview:...m.................DB_VERSION.1S..^j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13368513852954682..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\CURRENT (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):16
                              Entropy (8bit):3.2743974703476995
                              Encrypted:false
                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                              MD5:46295CAC801E5D4857D09837238A6394
                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                              Malicious:false
                              Preview:MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):309
                              Entropy (8bit):5.185764301221135
                              Encrypted:false
                              SSDEEP:6:kr+RM1923oH+TcwtgctZQInvB2KLlerhr4q2P923oH+TcwtgctZQInvIFUv:kChYebgGZznvFLMNsv4YebgGZznQFUv
                              MD5:6093A6140F097C84AF68D3EB0FC80685
                              SHA1:CE81016FB54AACC957F9BE650BA47444B95B9AF8
                              SHA-256:692B46C9E4B92C82E0D631EEA1146FB521F0FB3BB9C99C485F8F564A4DD55D32
                              SHA-512:6313D8DCE195CA3FB780399506A6886CF0A96434F474404F7F4F37F9555A8857BBEA17AA38A3BFF9BDEA92E33F7A352EBEAAAA6F64632EB5653D06ECCEBF6251
                              Malicious:false
                              Preview:2024/08/19-00:04:12.184 2354 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/08/19-00:04:12.267 2354 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\MANIFEST-000001

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:OpenPGP Secret Key
                              Category:dropped
                              Size (bytes):41
                              Entropy (8bit):4.704993772857998
                              Encrypted:false
                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                              Malicious:false
                              Preview:.|.."....leveldb.BytewiseComparator......

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):24853
                              Entropy (8bit):5.564563560643124
                              Encrypted:false
                              SSDEEP:768:tfxFeboWP+YffgH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZwUJyrwvZpktur:tfxFeboWP+YffgHu1jaQjJ3v0to
                              MD5:5ACC3D79C6051FB3C037B2C75B540EB7
                              SHA1:B998AC3700A193D1A143A1F2FA90459E47DF4B6F
                              SHA-256:6BD6E5300DC16FFB6CDB20288AA6C4139968BA48D2469630F8A064675EB20FE0
                              SHA-512:FDCDB6AECA43ECD79E0690F7727447E7248C5AEE7FE1A7EEEB68AC452EE8C83633F6BAF3BEB72B8DEFF2C18A420985410D25AE7F7DB007B1D2D1EE0766328B57
                              Malicious:false
                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368513837613433","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368513837613433","location":5,"ma

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF37010.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):24853
                              Entropy (8bit):5.564563560643124
                              Encrypted:false
                              SSDEEP:768:tfxFeboWP+YffgH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZwUJyrwvZpktur:tfxFeboWP+YffgHu1jaQjJ3v0to
                              MD5:5ACC3D79C6051FB3C037B2C75B540EB7
                              SHA1:B998AC3700A193D1A143A1F2FA90459E47DF4B6F
                              SHA-256:6BD6E5300DC16FFB6CDB20288AA6C4139968BA48D2469630F8A064675EB20FE0
                              SHA-512:FDCDB6AECA43ECD79E0690F7727447E7248C5AEE7FE1A7EEEB68AC452EE8C83633F6BAF3BEB72B8DEFF2C18A420985410D25AE7F7DB007B1D2D1EE0766328B57
                              Malicious:false
                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368513837613433","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368513837613433","location":5,"ma

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3a0f4.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):24853
                              Entropy (8bit):5.564563560643124
                              Encrypted:false
                              SSDEEP:768:tfxFeboWP+YffgH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZwUJyrwvZpktur:tfxFeboWP+YffgHu1jaQjJ3v0to
                              MD5:5ACC3D79C6051FB3C037B2C75B540EB7
                              SHA1:B998AC3700A193D1A143A1F2FA90459E47DF4B6F
                              SHA-256:6BD6E5300DC16FFB6CDB20288AA6C4139968BA48D2469630F8A064675EB20FE0
                              SHA-512:FDCDB6AECA43ECD79E0690F7727447E7248C5AEE7FE1A7EEEB68AC452EE8C83633F6BAF3BEB72B8DEFF2C18A420985410D25AE7F7DB007B1D2D1EE0766328B57
                              Malicious:false
                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368513837613433","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368513837613433","location":5,"ma

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):440
                              Entropy (8bit):4.648957346755332
                              Encrypted:false
                              SSDEEP:12:S+a8ljljljljl2dpUpXuTLB3+CYQ3pXuTLBSnGz3A/XkAvkAvkAv:Ra0ZZZZOpUpXuTVnpXuTsG0Xk8k8k8
                              MD5:ECCBB03534C45E95947520B1DF3704FE
                              SHA1:0FC4CACD148CEC65F24F7EF08A64F66236F73A6B
                              SHA-256:B2137D2A492E89A3CDEF1EAD1DBF5BB019CE746B5D0B9C6DBBE180602089FA22
                              SHA-512:5DA1A3124BB066AA56E249B8568B9181DDC8605F3B8B889988CC9BF574075FE4911F95C2CFCF84BBA9FA3F8F4D93EE72B9603070956CDE090EE10C7A457C19C1
                              Malicious:false
                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............\.t.j................next-map-id.1.Knamespace-892b3870_62d5_4b7b_8cd2_cd78a43311fa-https://accounts.google.com/.0weE1k................next-map-id.2.Lnamespace-892b3870_62d5_4b7b_8cd2_cd78a43311fa-https://accounts.youtube.com/.1. .................. .................. .................. .................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):324
                              Entropy (8bit):5.102989596525869
                              Encrypted:false
                              SSDEEP:6:k+FYq2P923oH+TcwtrQMxIFUt8R+FcX1Zmw+R+FVIFkwO923oH+TcwtrQMFLJ:k+6v4YebCFUt8R+I1/+R+XIF5LYebtJ
                              MD5:5DE2C5972424F7B11B49211F60A59648
                              SHA1:F2AAD936CB57A4F0B270401AB477464B5FE0A2DA
                              SHA-256:98779A5DA1AC10C8B122A0D439B11E66A5E33941D00FB43F7B7F6A77C6D1E62B
                              SHA-512:D8AA78A4CFC79728C91495B20F99D639E7ACC057186A3990EE51101AD3F0A267B69BFCAA65F3B9AE20057FA6027073A76EE36FD86329E61E27A82A4A517D5D47
                              Malicious:false
                              Preview:2024/08/19-00:03:59.813 2004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/19-00:03:59.816 2004 Recovering log #3.2024/08/19-00:03:59.823 2004 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):324
                              Entropy (8bit):5.102989596525869
                              Encrypted:false
                              SSDEEP:6:k+FYq2P923oH+TcwtrQMxIFUt8R+FcX1Zmw+R+FVIFkwO923oH+TcwtrQMFLJ:k+6v4YebCFUt8R+I1/+R+XIF5LYebtJ
                              MD5:5DE2C5972424F7B11B49211F60A59648
                              SHA1:F2AAD936CB57A4F0B270401AB477464B5FE0A2DA
                              SHA-256:98779A5DA1AC10C8B122A0D439B11E66A5E33941D00FB43F7B7F6A77C6D1E62B
                              SHA-512:D8AA78A4CFC79728C91495B20F99D639E7ACC057186A3990EE51101AD3F0A267B69BFCAA65F3B9AE20057FA6027073A76EE36FD86329E61E27A82A4A517D5D47
                              Malicious:false
                              Preview:2024/08/19-00:03:59.813 2004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/19-00:03:59.816 2004 Recovering log #3.2024/08/19-00:03:59.823 2004 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13368513840123270

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):7961
                              Entropy (8bit):4.180677777990507
                              Encrypted:false
                              SSDEEP:96:3P/yUqW1Hxbfm81HxbfmR4Q6nPtWkl7wcGBgQ6nPtWkl7wNGeFs3nXambY:3CkTA43PtW0798g3PtW07kGe63XayY
                              MD5:05BDD1CACC5EEF0C60203F80BD488466
                              SHA1:86A842956887BBA9CA4E49882A1450C0C9007D76
                              SHA-256:B55D1C913C5FFA1CF844C2A971D532390D678337FCFA28EAC1196C204A534C6E
                              SHA-512:FE44461043F3D0C58508F1BCC0775A290E05E2E1E97CDA08E01C8449B51AD2FFDA105FDF3EAC5F4DE22D20415AD6B504D79B2D1F4E3CE2606C4F417222C86E09
                              Malicious:false
                              Preview:SNSS..........U..............U......"...U..............U..........U..........U..........U....!.....U..................................U...U1..,......U$...892b3870_62d5_4b7b_8cd2_cd78a43311fa......U..........U......J...........U......U..........................U.......................5..0......U&...{98952893-68FF-4A5D-A164-705C709ED3DB}........U..............U..................Uo...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64................U..............................U..................Uo...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                              Category:dropped
                              Size (bytes):20480
                              Entropy (8bit):0.44194574462308833
                              Encrypted:false
                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):352
                              Entropy (8bit):5.173796113261671
                              Encrypted:false
                              SSDEEP:6:k+ruOQL+q2P923oH+Tcwt7Uh2ghZIFUt8R+rgG1Zmw+R+rgQLVkwO923oH+Tcwts:k+rayv4YebIhHh2FUt8R+rp/+R+rVR5g
                              MD5:9DA6D195227261B477946ACFABE8E10E
                              SHA1:AFBC6415F19D26DF5E2EE022C6F28999B6624D4F
                              SHA-256:D5652E4EF86E22953B3F1595A62DCAB4F636DC3ECC4C639A2A09EF69C5A90FF6
                              SHA-512:B2FE7BA932C98649B2935460F08302A97E36705AE5C601859991187BF84488E13AF0DBA378ABAFE784F89318F5254DE1D922B148A10E336EEDAB65FAF818E8A3
                              Malicious:false
                              Preview:2024/08/19-00:03:57.612 1d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/19-00:03:57.613 1d18 Recovering log #3.2024/08/19-00:03:57.613 1d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):352
                              Entropy (8bit):5.173796113261671
                              Encrypted:false
                              SSDEEP:6:k+ruOQL+q2P923oH+Tcwt7Uh2ghZIFUt8R+rgG1Zmw+R+rgQLVkwO923oH+Tcwts:k+rayv4YebIhHh2FUt8R+rp/+R+rVR5g
                              MD5:9DA6D195227261B477946ACFABE8E10E
                              SHA1:AFBC6415F19D26DF5E2EE022C6F28999B6624D4F
                              SHA-256:D5652E4EF86E22953B3F1595A62DCAB4F636DC3ECC4C639A2A09EF69C5A90FF6
                              SHA-512:B2FE7BA932C98649B2935460F08302A97E36705AE5C601859991187BF84488E13AF0DBA378ABAFE784F89318F5254DE1D922B148A10E336EEDAB65FAF818E8A3
                              Malicious:false
                              Preview:2024/08/19-00:03:57.612 1d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/19-00:03:57.613 1d18 Recovering log #3.2024/08/19-00:03:57.613 1d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):270336
                              Entropy (8bit):0.0012471779557650352
                              Encrypted:false
                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                              Malicious:false
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):270336
                              Entropy (8bit):0.0012471779557650352
                              Encrypted:false
                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                              Malicious:false
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):434
                              Entropy (8bit):5.236220565871615
                              Encrypted:false
                              SSDEEP:12:k+Xd1v4YebvqBQFUt8R+rA/+R+z5LYebvqBvJ:l4YebvZg85LYebvk
                              MD5:7602386126999828625F07A46CE9F330
                              SHA1:84D6E79A65D7EE3CF49805B7DA273602D979CFD5
                              SHA-256:1341B447590A68B3289A2B125A6768F42BA7A1F86C95163675968D458D486F43
                              SHA-512:3B590F11527B1285F1DB95C1164C61B0693268ED27E73482A255E22437F9DA3BA61832D02873F5035188AA0FDAD83CF0FF8B16A49A8400FF05FBF2A7978669F5
                              Malicious:false
                              Preview:2024/08/19-00:03:59.828 2054 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/19-00:03:59.831 2054 Recovering log #3.2024/08/19-00:03:59.836 2054 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):434
                              Entropy (8bit):5.236220565871615
                              Encrypted:false
                              SSDEEP:12:k+Xd1v4YebvqBQFUt8R+rA/+R+z5LYebvqBvJ:l4YebvZg85LYebvk
                              MD5:7602386126999828625F07A46CE9F330
                              SHA1:84D6E79A65D7EE3CF49805B7DA273602D979CFD5
                              SHA-256:1341B447590A68B3289A2B125A6768F42BA7A1F86C95163675968D458D486F43
                              SHA-512:3B590F11527B1285F1DB95C1164C61B0693268ED27E73482A255E22437F9DA3BA61832D02873F5035188AA0FDAD83CF0FF8B16A49A8400FF05FBF2A7978669F5
                              Malicious:false
                              Preview:2024/08/19-00:03:59.828 2054 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/19-00:03:59.831 2054 Recovering log #3.2024/08/19-00:03:59.836 2054 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\35bd01f0-7487-4904-8aa1-7e48e7fee88a.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):144
                              Entropy (8bit):4.842082263530856
                              Encrypted:false
                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                              MD5:ABE81C38891A875B52127ACE9C314105
                              SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                              SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                              SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5a093b6e-6161-46a1-ba19-c7e8964bf442.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\73b720db-9bec-40bb-a6de-2d5189d5946b.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):40
                              Entropy (8bit):4.1275671571169275
                              Encrypted:false
                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                              MD5:20D4B8FA017A12A108C87F540836E250
                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                              Malicious:false
                              Preview:{"SDCH":{"dictionaries":{},"version":2}}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9bbe463d-8697-432f-b91c-27b442158d27.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):144
                              Entropy (8bit):4.842082263530856
                              Encrypted:false
                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                              MD5:ABE81C38891A875B52127ACE9C314105
                              SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                              SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                              SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF35ae3.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3686f.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):40
                              Entropy (8bit):4.1275671571169275
                              Encrypted:false
                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                              MD5:20D4B8FA017A12A108C87F540836E250
                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                              Malicious:false
                              Preview:{"SDCH":{"dictionaries":{},"version":2}}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                              Category:dropped
                              Size (bytes):36864
                              Entropy (8bit):0.3886039372934488
                              Encrypted:false
                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c0fa4da1-886c-4245-b4ae-eb0b67852b08.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2
                              Entropy (8bit):1.0
                              Encrypted:false
                              SSDEEP:3:H:H
                              MD5:D751713988987E9331980363E24189CE
                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                              Malicious:false
                              Preview:[]

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):80
                              Entropy (8bit):3.4921535629071894
                              Encrypted:false
                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                              MD5:69449520FD9C139C534E2970342C6BD8
                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                              Malicious:false
                              Preview:*...#................version.1..namespace-..&f.................&f...............

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):422
                              Entropy (8bit):5.17971238826289
                              Encrypted:false
                              SSDEEP:6:krC7q2P923oH+TcwtzjqEKj0QMxIFUt8Rra1Zmw+RrgkwO923oH+TcwtzjqEKj0b:kWv4YebvqBZFUt8RG1/+Rk5LYebvqBaJ
                              MD5:F7E88510E676894B77FE639FA17B6AF8
                              SHA1:BF20E512D49FA47727EBF73024470396A9819FE0
                              SHA-256:91DE375DAC2266EEFDBA132520D4B242294981A2F309DD81D021C9EDF723551A
                              SHA-512:687824C1BF27EA24330CC5DF76209F728D40DD3277A29F8D9F05B9E4573AE5EF49E69E41403E473E36B855BDF6918C598E4CFFFD6FC122CA27B632190A32C53B
                              Malicious:false
                              Preview:2024/08/19-00:04:20.589 2004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/19-00:04:20.591 2004 Recovering log #3.2024/08/19-00:04:20.593 2004 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):422
                              Entropy (8bit):5.17971238826289
                              Encrypted:false
                              SSDEEP:6:krC7q2P923oH+TcwtzjqEKj0QMxIFUt8Rra1Zmw+RrgkwO923oH+TcwtzjqEKj0b:kWv4YebvqBZFUt8RG1/+Rk5LYebvqBaJ
                              MD5:F7E88510E676894B77FE639FA17B6AF8
                              SHA1:BF20E512D49FA47727EBF73024470396A9819FE0
                              SHA-256:91DE375DAC2266EEFDBA132520D4B242294981A2F309DD81D021C9EDF723551A
                              SHA-512:687824C1BF27EA24330CC5DF76209F728D40DD3277A29F8D9F05B9E4573AE5EF49E69E41403E473E36B855BDF6918C598E4CFFFD6FC122CA27B632190A32C53B
                              Malicious:false
                              Preview:2024/08/19-00:04:20.589 2004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/19-00:04:20.591 2004 Recovering log #3.2024/08/19-00:04:20.593 2004 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):328
                              Entropy (8bit):5.2357472096841295
                              Encrypted:false
                              SSDEEP:6:k+r3QL+q2P923oH+TcwtpIFUt8R+rIBHG1Zmw+R+rIBHQLVkwO923oH+Tcwta/Wd:k+rgyv4YebmFUt8R+rIBA/+R+rIBwR5f
                              MD5:A955DCEB149EDCFE89667F73C5EED410
                              SHA1:6A08779DEBF1EDAEA93775E7141C65B58727F2B1
                              SHA-256:EB2011857B7A537F84BDC4C1EB5DF87343A206331A4B70F451ED50FEECF2C1A4
                              SHA-512:C8F9B02CD35747B8E42E849B14515B6C3FBA1B4AC8AB4B7270484AD0E982E2689E6CA375EC95CF8FE187BD12E90E08BC2A14A3EF9F961A73A55D8C5B12CC64BF
                              Malicious:false
                              Preview:2024/08/19-00:03:57.746 1d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/19-00:03:57.747 1d18 Recovering log #3.2024/08/19-00:03:57.747 1d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):328
                              Entropy (8bit):5.2357472096841295
                              Encrypted:false
                              SSDEEP:6:k+r3QL+q2P923oH+TcwtpIFUt8R+rIBHG1Zmw+R+rIBHQLVkwO923oH+Tcwta/Wd:k+rgyv4YebmFUt8R+rIBA/+R+rIBwR5f
                              MD5:A955DCEB149EDCFE89667F73C5EED410
                              SHA1:6A08779DEBF1EDAEA93775E7141C65B58727F2B1
                              SHA-256:EB2011857B7A537F84BDC4C1EB5DF87343A206331A4B70F451ED50FEECF2C1A4
                              SHA-512:C8F9B02CD35747B8E42E849B14515B6C3FBA1B4AC8AB4B7270484AD0E982E2689E6CA375EC95CF8FE187BD12E90E08BC2A14A3EF9F961A73A55D8C5B12CC64BF
                              Malicious:false
                              Preview:2024/08/19-00:03:57.746 1d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/19-00:03:57.747 1d18 Recovering log #3.2024/08/19-00:03:57.747 1d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):131072
                              Entropy (8bit):0.005551902734588277
                              Encrypted:false
                              SSDEEP:3:ImtVF+R5I/FeLfY+OlX:IiVEYFeLU
                              MD5:2AB6C5F6792F277CEA9D86C32F723D65
                              SHA1:820D40FD7D8976C72E432E279E3F5445264F689C
                              SHA-256:56EA91BCE767D69AB74435F54857FC4D069646C42AE74ACBF614C53381B4DC13
                              SHA-512:F19128D52EECEF7BC62C786983A5A3FE3FBADDD58A8E596559CBFC5309C4532BEE5F09ED5BB503268D440D6510B74D1741AB77967E5504E2C5471CFF997BFBF8
                              Malicious:false
                              Preview:VLnk.....?......?......+................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                              Category:dropped
                              Size (bytes):196608
                              Entropy (8bit):1.2651916556058302
                              Encrypted:false
                              SSDEEP:384:8/2qOB1nxCkM8SAELyKOMq+8yC8F/YfU5m+OlTLVumR6:Bq+n0J89ELyKOMq+8y9/OwP
                              MD5:C4F462B48C8F3F56223976D6B3EC719E
                              SHA1:ECA2D108C0DEECD12E15A4D200FB74218E6E0812
                              SHA-256:4AE638F7CA5D02EFF1D422E0FF86EEFF772C568C07225506A31A3170702475B4
                              SHA-512:8D2A841FC34ABA4B8AE9F2E9F05479D47705633DB6B96900A3E3B242F6B787DF97B34F16F6B61CF200663509574D91B91954176E73AC222D2668B96FDB192687
                              Malicious:false
                              Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                              Category:dropped
                              Size (bytes):14336
                              Entropy (8bit):1.418978743264846
                              Encrypted:false
                              SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgj2Ry4Kf2Ry4uxj/:ftSjGhp22iS3dK
                              MD5:951F45F74CFFC90A8858C758F98608E4
                              SHA1:51E9972BCCD5708068348E0E21DF8B058F97F758
                              SHA-256:296FE95B5E2B9D227F654406B6319A558E45EC5633CA4803D92DEFE81BE1951B
                              SHA-512:A95513D8A2DA3BF980FEFB264A252D536E20B30B0D493C4E5274E9D1774EC2F59059EB2750F71245E83597F4BA2A38FF1E535300C97BAB6D27A5C375F9C33866
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                              Category:dropped
                              Size (bytes):40960
                              Entropy (8bit):0.41235120905181716
                              Encrypted:false
                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                              MD5:981F351994975A68A0DD3ECE5E889FD0
                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                              Category:dropped
                              Size (bytes):11755
                              Entropy (8bit):5.190465908239046
                              Encrypted:false
                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                              MD5:07301A857C41B5854E6F84CA00B81EA0
                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                              Malicious:false
                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b67d4d2a-36a3-4862-a3da-d0b853384d12.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):13279
                              Entropy (8bit):5.282819501557643
                              Encrypted:false
                              SSDEEP:384:stNPGKSuasWUrMfhOl86bGtQx6WVlaTYZ:srOxuIUrMfC86bGexvaTYZ
                              MD5:EBEB7CD69BDFC61F864F72B5FA73E241
                              SHA1:1725817D3A6E813ED4097EC41923DC73A09456B0
                              SHA-256:09B7E46F012638D0B4A83A72841188D617BDFF4BD3943A2536898501DF5928AA
                              SHA-512:3132DD9DF2A03EEAA61F6593EE3E287C5248576C1A7F741DA83485CAB6906A2E9D7205AAD7AABBEACDB67CCE9F6FE0E734E53835A86FD508101720849F7B1AFE
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c1564d36-d569-4707-afb9-9be445d3ac3c.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:very short file (no magic)
                              Category:dropped
                              Size (bytes):1
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3:L:L
                              MD5:5058F1AF8388633F609CADB75A75DC9D
                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                              Malicious:false
                              Preview:.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c87af71f-d5f7-45fe-9987-abef24eb24c8.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):24853
                              Entropy (8bit):5.564563560643124
                              Encrypted:false
                              SSDEEP:768:tfxFeboWP+YffgH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZwUJyrwvZpktur:tfxFeboWP+YffgHu1jaQjJ3v0to
                              MD5:5ACC3D79C6051FB3C037B2C75B540EB7
                              SHA1:B998AC3700A193D1A143A1F2FA90459E47DF4B6F
                              SHA-256:6BD6E5300DC16FFB6CDB20288AA6C4139968BA48D2469630F8A064675EB20FE0
                              SHA-512:FDCDB6AECA43ECD79E0690F7727447E7248C5AEE7FE1A7EEEB68AC452EE8C83633F6BAF3BEB72B8DEFF2C18A420985410D25AE7F7DB007B1D2D1EE0766328B57
                              Malicious:false
                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368513837613433","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368513837613433","location":5,"ma

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                              Category:dropped
                              Size (bytes):28672
                              Entropy (8bit):0.3410017321959524
                              Encrypted:false
                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\dcb06706-2d92-4fe6-b870-917b5d1e50fd.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):13279
                              Entropy (8bit):5.282746113588186
                              Encrypted:false
                              SSDEEP:384:stNPGKSuasWUrMfhOl86bGtQx6WUlaTYZ:srOxuIUrMfC86bGexqaTYZ
                              MD5:056E64E9A03C6CA03B3FC37E566E3783
                              SHA1:A8D03C21C6276821FFAA23716D265C7B0AA6CF51
                              SHA-256:371BF777028194525D617FF5A9D5E2488E8F884D5D2B02CBDFC729B791F1D1D0
                              SHA-512:E42AA7FF86153853606620EE27816F0F956E91927CF3A7417CF9DC6B5139EF3A9FC99EC373C4B878BFA37054E7AA27FD60997E8DE4E980E6995D36E411F8F7D8
                              Malicious:false
                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368513839198448","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e35461ba-9376-4aa8-951c-589556d066e1.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                              Category:dropped
                              Size (bytes):115717
                              Entropy (8bit):5.183660917461099
                              Encrypted:false
                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                              Malicious:false
                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):32768
                              Entropy (8bit):0.11573992025529492
                              Encrypted:false
                              SSDEEP:12:WtyvatyvkpEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtKatKAoPnnnnnnnnnnnnnnnvN3zd
                              MD5:CCF64A4810041B807438B152460ED606
                              SHA1:2D9992FD3AEB32FE2F861A0A658B94DB5FAD1D85
                              SHA-256:E27171384ACA41A4F1B31D94C672F6B9F6484FFD34C1E6F4D5F485BA47FCF086
                              SHA-512:1C7B402AC59BB5F735376DAB2ED8B6F0717AEB15009E715A524DF72797ABE8E5672536681F0219DCAA08A74CE6362CEA9154E895A00C8D0739A8A22D2768949B
                              Malicious:false
                              Preview:..-.............].......A.$!19...4..}...~........-.............].......A.$!19...4..}...~..............Y...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite Write-Ahead Log, version 3007000
                              Category:dropped
                              Size (bytes):383192
                              Entropy (8bit):1.0823851112825265
                              Encrypted:false
                              SSDEEP:384:G2SQSCrc39iE46ur34F4B4X4m4L40xN474yI4se:8QItiEDC34F4B4X4m4L40xN474yI4p
                              MD5:55EC005AF8DABD14EE43F39DDEB7AA6A
                              SHA1:22873A6B0824E425B7127A029C4E7226C065D547
                              SHA-256:551B3E7794E596AF40F16DD2EF5B7F3253A5FD9BC98E13AEA34167BBCAEDD646
                              SHA-512:A27B219FD28FB3FCFCA2672FE2CED6B2F616685971413507A047EB10A02ABA432AC63E81FD5380809BB5C4CEDA7CF73E2BDAB7EE060388D7BC7B7238C63CDBDB
                              Malicious:false
                              Preview:7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):723
                              Entropy (8bit):3.210448400244174
                              Encrypted:false
                              SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuur8q6U:iDw
                              MD5:3CF4BD059B88084E5DC021C34B7A46B5
                              SHA1:806BBFE44D97C2BD93A074848007B30268B8DD61
                              SHA-256:FDD09F6D335478D9D4173002C450836943D9CE2F10FC1F7F5F9A8398913FABF7
                              SHA-512:0189D1CC3431FA6F8874238452E0123608353A9BA8A6C728250B283F7EF708CD952856D6C8B7055535B88C65F2990B1C52B285084C8A2129B0B44414065C0AE3
                              Malicious:false
                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=................~i.0................39_config..........6.....n ....1V.e................V.e................V.e................V.e................V.e................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):324
                              Entropy (8bit):5.208431942879132
                              Encrypted:false
                              SSDEEP:6:k+FDR+q2P923oH+TcwtfrK+IFUt8R+FuZmw+R+FqVkwO923oH+TcwtfrUeLJ:k+Ncv4Yeb23FUt8R+Q/+R+Y5LYeb3J
                              MD5:1D438F892CF16E9F8C72B47757670158
                              SHA1:65B69C4670E1975A77159E04FE3FDE9402875A50
                              SHA-256:6E21BA55812B0A48B4ABD5D5276DEFC70D871730285D2D9145C37D77D45E8252
                              SHA-512:EBD6747AFDD6AD457D9B0E4C10011362E1467DC6CEC51B980F57EDBD683F404E79D64A7773A8D94AE2A444FCB27A2E3CE6B1280B053C4343E4FC9AA1A20BBBDE
                              Malicious:false
                              Preview:2024/08/19-00:03:59.234 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/19-00:03:59.235 1ff8 Recovering log #3.2024/08/19-00:03:59.235 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):324
                              Entropy (8bit):5.208431942879132
                              Encrypted:false
                              SSDEEP:6:k+FDR+q2P923oH+TcwtfrK+IFUt8R+FuZmw+R+FqVkwO923oH+TcwtfrUeLJ:k+Ncv4Yeb23FUt8R+Q/+R+Y5LYeb3J
                              MD5:1D438F892CF16E9F8C72B47757670158
                              SHA1:65B69C4670E1975A77159E04FE3FDE9402875A50
                              SHA-256:6E21BA55812B0A48B4ABD5D5276DEFC70D871730285D2D9145C37D77D45E8252
                              SHA-512:EBD6747AFDD6AD457D9B0E4C10011362E1467DC6CEC51B980F57EDBD683F404E79D64A7773A8D94AE2A444FCB27A2E3CE6B1280B053C4343E4FC9AA1A20BBBDE
                              Malicious:false
                              Preview:2024/08/19-00:03:59.234 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/19-00:03:59.235 1ff8 Recovering log #3.2024/08/19-00:03:59.235 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):787
                              Entropy (8bit):4.059252238767438
                              Encrypted:false
                              SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                              MD5:D8D8899761F621B63AD5ED6DF46D22FE
                              SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                              SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                              SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                              Malicious:false
                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):5.213977022098504
                              Encrypted:false
                              SSDEEP:6:k+FHTFs+q2P923oH+TcwtfrzAdIFUt8R+FHVZmw+R+FH5VkwO923oH+TcwtfrzId:k+1v4Yeb9FUt8R+b/+R+x5LYeb2J
                              MD5:85C2A0834F8239E171894124AD205160
                              SHA1:34D3C0A62354717AE007F5D66EE67A12F6405876
                              SHA-256:B9F06867809622D4303ABF6A19EB21A9A515A379C45F5F641AE64685835B2495
                              SHA-512:7F5A6BD0C3C228C01364CF6EA7EFD11E970F12AED3BC2D3212E2F31B92BB4C2DD48D232C489963B5B581E4E491F7765CD2A885D3B938F62DB039686BA2B3B69E
                              Malicious:false
                              Preview:2024/08/19-00:03:59.226 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/19-00:03:59.227 1ff8 Recovering log #3.2024/08/19-00:03:59.227 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):5.213977022098504
                              Encrypted:false
                              SSDEEP:6:k+FHTFs+q2P923oH+TcwtfrzAdIFUt8R+FHVZmw+R+FH5VkwO923oH+TcwtfrzId:k+1v4Yeb9FUt8R+b/+R+x5LYeb2J
                              MD5:85C2A0834F8239E171894124AD205160
                              SHA1:34D3C0A62354717AE007F5D66EE67A12F6405876
                              SHA-256:B9F06867809622D4303ABF6A19EB21A9A515A379C45F5F641AE64685835B2495
                              SHA-512:7F5A6BD0C3C228C01364CF6EA7EFD11E970F12AED3BC2D3212E2F31B92BB4C2DD48D232C489963B5B581E4E491F7765CD2A885D3B938F62DB039686BA2B3B69E
                              Malicious:false
                              Preview:2024/08/19-00:03:59.226 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/19-00:03:59.227 1ff8 Recovering log #3.2024/08/19-00:03:59.227 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):120
                              Entropy (8bit):3.32524464792714
                              Encrypted:false
                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                              MD5:A397E5983D4A1619E36143B4D804B870
                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                              Malicious:false
                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):13
                              Entropy (8bit):2.7192945256669794
                              Encrypted:false
                              SSDEEP:3:NYLFRQI:ap2I
                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                              Malicious:false
                              Preview:117.0.2045.47

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31f12.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31f22.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF32099.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3476a.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37a23.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4316c.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF49845.TMP (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                              Category:dropped
                              Size (bytes):20480
                              Entropy (8bit):0.5963118027796015
                              Encrypted:false
                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):47
                              Entropy (8bit):4.3818353308528755
                              Encrypted:false
                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                              MD5:48324111147DECC23AC222A361873FC5
                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                              Malicious:false
                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):35
                              Entropy (8bit):4.014438730983427
                              Encrypted:false
                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                              Malicious:false
                              Preview:{"forceServiceDetermination":false}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):50
                              Entropy (8bit):3.9904355005135823
                              Encrypted:false
                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                              Malicious:false
                              Preview:topTraffic_170540185939602997400506234197983529371

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):575056
                              Entropy (8bit):7.999649474060713
                              Encrypted:true
                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                              MD5:BE5D1A12C1644421F877787F8E76642D
                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                              Malicious:false
                              Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):86
                              Entropy (8bit):4.3751917412896075
                              Encrypted:false
                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                              MD5:16B7586B9EBA5296EA04B791FC3D675E
                              SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                              SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                              SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                              Malicious:false
                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a10cc1d4-c950-4b9a-95f2-e133d6f51877.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44596
                              Entropy (8bit):6.097159409924627
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuShDO6vP6OWNHNZz1D+EF0ncGoup1Xl3jVzXr2:z/Ps+wsI7ynER62NHKchu3VlXr4CRo1
                              MD5:4AEEBFAB429ABDA94F94CBAF887D5ACF
                              SHA1:982939C1992794BA9A05CF056EFBCD7C318956F3
                              SHA-256:75FFB02A0EC87A164BB96E4DCF8DA14552E09DDA190E2EAFE67781C822ABD608
                              SHA-512:E01E3CDB9068582A022634450147B20E62ED07368855B111F5D83B78B33658FE7A19C2478A6560196AFDF9AD7E6E14BF4574656FA0B779954777B6F3AB374552
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c6c1da1c-e030-4046-ac4e-730a48b35088.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):44137
                              Entropy (8bit):6.090744509971611
                              Encrypted:false
                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM4wuF9hDO6vP6O+btbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE266tbz8hu3VlXr4CRo1
                              MD5:1F43655C857A1FBA27A3DBDE35FE802C
                              SHA1:199D94CB83DB2A0312CD5E8F20B1D0E51B7EE477
                              SHA-256:BB5FA97FDEB4AEC17A7DD7C576984F4A752CAA17E1249DCE7E9EB8D14652393A
                              SHA-512:87E2F350B0BA3820C2A94A608B0F6C44F540A9A621FAB3B198A378D78F20A72CBC2955491461A2E1F1104669B008064755FA0DA438031EBE9C27F33024C14E8B
                              Malicious:false
                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2278
                              Entropy (8bit):3.8470692517763303
                              Encrypted:false
                              SSDEEP:48:uiTrlKxrgxZIyxl9Il8uP1d67H2PNqKu//aflB9oRRGDd1rc:myHYJndfuqfL9oRRGk
                              MD5:AF632963CC01F32CC3E65FFFBBA88639
                              SHA1:12084233BBC99E8A203380AE09DA95F0A3747F2F
                              SHA-256:6D2F69D4E6D6DB948A35BB724E19E6CD508ACC322418E277128594421A0B0BDB
                              SHA-512:0386680A3DFAFD6E4C307282B969753509A15E541329D7058AFC1BC46636BEF75129C8F24E5DF2089255E865763248747F6351E1E3F84C15C85D5DCDC284E9FC
                              Malicious:false
                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.H.o.7.N.v.X.x.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.F.g.k.I.I.Z.

                              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4622
                              Entropy (8bit):4.001677241630848
                              Encrypted:false
                              SSDEEP:96:TYJkjVoAroebz932dN9LWtRxyLISi9ZczkPWm01:TikRPUI32dNhWgI3vWD1
                              MD5:41E772DCB0474BB042EE920CD1A0E710
                              SHA1:D1CA2C2453AA19B162535FB0C6D74731C1B227C9
                              SHA-256:292082A075FA033D9D364CB9AB17B3CD94F56D3CC4997F08942F0ABC3776182E
                              SHA-512:615CB8C3FE4BA2715FEA5A21F07E805DE38A35F73DB11B24D5F412086C0F7153F1AC7A32BF83240F08291945BEBF93D873BEE10ED804A86865C134849350F519
                              Malicious:false
                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.l.Y.V.H.O.3.x.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.F.g.k.I.I.Z.

                              C:\Users\user\AppData\Local\Temp\155cda1e-6139-43d5-a657-d662861a485e.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                              Category:dropped
                              Size (bytes):76321
                              Entropy (8bit):7.996057445951542
                              Encrypted:true
                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                              MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                              SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                              SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                              SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                              Malicious:false
                              Preview:...........m{..(.}...7.\...N.D*.w..m..q....%XfL.*I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'.*.."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g.*.^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

                              C:\Users\user\AppData\Local\Temp\603b8c02-66c8-4d3b-92ad-7d611858a372.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 902369
                              Category:dropped
                              Size (bytes):474840
                              Entropy (8bit):7.998326672200552
                              Encrypted:true
                              SSDEEP:12288:aySWxogGwbTUGeXeuLdAOoK7SqFxdRCNnoNcw:xSWmgGwbTUGoHuOoKljaoNL
                              MD5:A45D81F28D63E3377AB0F9127180A97B
                              SHA1:2197EE7AEABDF7DF43E38B7922D5AA674215EE3B
                              SHA-256:9E93114FE944A038DC66C9C1D7A7ED9A095B014AAC09D0009E8E6949853B5D2E
                              SHA-512:4142A45A5D035A2E0EB4D4B3297B91B67EB410EA003FF6C29FE50ECDC7D8C48939BABDB46F1567BBFEA4D3C28F75E05012496429CD8DFFA0686CFE7EA175923C
                              Malicious:false
                              Preview:............o.6.........I....d[.z.6l.=...dIV...q..0...Iyk.C..8.R...v\7.....u..'..r...=.w..W.}..V_....W7......~..........<..f.-.O...l....a.../....l.m.e..kv.Y.n...~......}...ww..uSt.U..o.O...G..4w..|...........]]..y../..W.n...........".y..WB.2*C.7..W.4.....M...I..\&.($...."'....Y.e..o.7y.K.......oZ2.?..qW.O.$.............<.kV`2)G..%,...2.."Q..M.....}g.M`qa.x.Z_....N"......~.~.....;..4.....XEX...B0.Q=.'...z.,.|.>.5..W.6..$\RaT.&.m.%.b.2.....5#[..\...z.j.j|......~RN....@p.C.1.j.}..}..Z..Co'.i.%.TZ...O=%.`.J+............Y|.....mp.6...;v...l?...!..?"Q....a....'.8...)..)7..N...B.8...Yj.?..........V../...g....C..i.....IN...P..P.@.....N..u/...FJ.A<N<..gD. #..6....N.F.....C......4..........?R@.K../-%..P...|.././.o..?#K......%..=.8;........J..............6"..2.........jI....A..W.3......[.....$...>.%iJ..g..A...._....B.>.r...G.5.....$.P[.....J..r.y.4.KE.Lj/)i".w..Ig./.k?.....l../Z.f......"|%.-..T.....).l."Q..j*>%..E.J6...l...^.f.=`%./.l......7$D

                              C:\Users\user\AppData\Local\Temp\6ae2e268-1d51-44bd-89d8-7b3685bc9e59.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:Google Chrome extension, version 3
                              Category:dropped
                              Size (bytes):11185
                              Entropy (8bit):7.951995436832936
                              Encrypted:false
                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                              Malicious:false
                              Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                              C:\Users\user\AppData\Local\Temp\9dd02439-19b9-4afc-a127-3345fe5eb49d.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:Google Chrome extension, version 3
                              Category:dropped
                              Size (bytes):135751
                              Entropy (8bit):7.804610863392373
                              Encrypted:false
                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                              Malicious:false
                              Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7..*.Kk?....]<.S(.....9}........$..6...:...9..b|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]..*..-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

                              C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.bat

                              Download File
                              Process:C:\Users\user\Desktop\file.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2915
                              Entropy (8bit):4.968192539821732
                              Encrypted:false
                              SSDEEP:48:N0K2U7V5rN81fN80XUbaOUb5OzQ/iqzQ/hXDTjODAKpxVgXDOev0W:rrrN81fN80Ebanb5OzQ/iqzQ/hTTj+Av
                              MD5:31C09B550C61042384EF240A1CD226DF
                              SHA1:731FBE63179F646915F8FA37CA9F8C85FDB9B48A
                              SHA-256:752A176E12900C9F3CF947BC36D506E360F86DA00A2DBC1E5FA821F2584C75DB
                              SHA-512:8FCD654736E4B71765B5379C6E1699771E83C5C1DF1B5E3FA7F74E4D3B5629FFA1F54AAEDFDF9979416D3704BCFB38D73DBA7C36C7B6F1AC9804737E7AF698A6
                              Malicious:false
                              Preview:@shift /0..@echo off..setlocal....set "URL=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"....rem Initialize paths..set "chromePath="..set "edgePath="..set "firefoxPath="....rem Hardcoded paths..set "ProgramFiles64=C:\Program Files"..set "ProgramFiles86=C:\Program Files (x86)"....rem Check for Chrome in 64-bit system directory..if exist "%ProgramFiles64%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles64%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in 32-bit system directory..if exist "%ProgramFiles86%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles86%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in user profiles..for /d %%u in ("%SystemDrive%\Users\*") do (.. if exist "%%u\AppData\Local\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%%u\AppData\Local\Go

                              C:\Users\user\AppData\Local\Temp\a240eb52-7850-425c-9432-43e846d953ba.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:very short file (no magic)
                              Category:dropped
                              Size (bytes):1
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3:L:L
                              MD5:5058F1AF8388633F609CADB75A75DC9D
                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                              Malicious:false
                              Preview:.

                              C:\Users\user\AppData\Local\Temp\a4aea7f1-aad4-4e86-942f-807c4111f01d.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:very short file (no magic)
                              Category:dropped
                              Size (bytes):1
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3:L:L
                              MD5:5058F1AF8388633F609CADB75A75DC9D
                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                              Malicious:false
                              Preview:.

                              C:\Users\user\AppData\Local\Temp\cv_debug.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2110
                              Entropy (8bit):5.398350255302856
                              Encrypted:false
                              SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrt:8e2Fa116uCntc5toYGSvWjM
                              MD5:AE222704844625592EEACA82B3B88E44
                              SHA1:FEA7BFC732F97E5FA83C0AD44162984AE7D5E226
                              SHA-256:B278146E23173EADD4F94DACE567A26E562F14834C0AC57A7B39FDDBA8FC91D8
                              SHA-512:907B78B37489D534E61F3A632928A24D98A5199C54B72B61D501FD4DB3B830318D595E5C79B5A78C50320C67649A9F87C6B01843B89DA729B7628BCFAA87A933
                              Malicious:false
                              Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

                              C:\Users\user\AppData\Local\Temp\dfa3dbb4-a24c-4f10-9d7e-32990d8c1ff0.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                              Category:dropped
                              Size (bytes):206855
                              Entropy (8bit):7.983996634657522
                              Encrypted:false
                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                              MD5:788DF0376CE061534448AA17288FEA95
                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                              Malicious:false
                              Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

                              C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                              Category:dropped
                              Size (bytes):32768
                              Entropy (8bit):0.4593089050301797
                              Encrypted:false
                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                              MD5:D910AD167F0217587501FDCDB33CC544
                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                              Malicious:false
                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1763967704\6ae2e268-1d51-44bd-89d8-7b3685bc9e59.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:Google Chrome extension, version 3
                              Category:dropped
                              Size (bytes):11185
                              Entropy (8bit):7.951995436832936
                              Encrypted:false
                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                              Malicious:false
                              Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1763967704\CRX_INSTALL\_metadata\verified_contents.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1753
                              Entropy (8bit):5.8889033066924155
                              Encrypted:false
                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                              MD5:738E757B92939B24CDBBD0EFC2601315
                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                              Malicious:false
                              Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1763967704\CRX_INSTALL\content.js

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                              Category:dropped
                              Size (bytes):9815
                              Entropy (8bit):6.1716321262973315
                              Encrypted:false
                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                              Malicious:false
                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1763967704\CRX_INSTALL\content_new.js

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                              Category:dropped
                              Size (bytes):10388
                              Entropy (8bit):6.174387413738973
                              Encrypted:false
                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                              Malicious:false
                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1763967704\CRX_INSTALL\manifest.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):962
                              Entropy (8bit):5.698567446030411
                              Encrypted:false
                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                              Malicious:false
                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\9dd02439-19b9-4afc-a127-3345fe5eb49d.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:Google Chrome extension, version 3
                              Category:dropped
                              Size (bytes):135751
                              Entropy (8bit):7.804610863392373
                              Encrypted:false
                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                              Malicious:false
                              Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7..*.Kk?....]<.S(.....9}........$..6...:...9..b|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]..*..-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\128.png

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):4982
                              Entropy (8bit):7.929761711048726
                              Encrypted:false
                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                              Malicious:false
                              Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\af\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):908
                              Entropy (8bit):4.512512697156616
                              Encrypted:false
                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                              MD5:12403EBCCE3AE8287A9E823C0256D205
                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\am\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1285
                              Entropy (8bit):4.702209356847184
                              Encrypted:false
                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                              SHA1:58979859B28513608626B563138097DC19236F1F
                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ar\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1244
                              Entropy (8bit):4.5533961615623735
                              Encrypted:false
                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\az\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):977
                              Entropy (8bit):4.867640976960053
                              Encrypted:false
                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                              MD5:9A798FD298008074E59ECC253E2F2933
                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\be\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):3107
                              Entropy (8bit):3.535189746470889
                              Encrypted:false
                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                              MD5:68884DFDA320B85F9FC5244C2DD00568
                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                              Malicious:false
                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\bg\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1389
                              Entropy (8bit):4.561317517930672
                              Encrypted:false
                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\bn\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1763
                              Entropy (8bit):4.25392954144533
                              Encrypted:false
                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ca\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):930
                              Entropy (8bit):4.569672473374877
                              Encrypted:false
                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                              MD5:D177261FFE5F8AB4B3796D26835F8331
                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\cs\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):913
                              Entropy (8bit):4.947221919047
                              Encrypted:false
                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\cy\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):806
                              Entropy (8bit):4.815663786215102
                              Encrypted:false
                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                              MD5:A86407C6F20818972B80B9384ACFBBED
                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                              Malicious:false
                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\da\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):883
                              Entropy (8bit):4.5096240460083905
                              Encrypted:false
                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\de\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1031
                              Entropy (8bit):4.621865814402898
                              Encrypted:false
                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                              MD5:D116453277CC860D196887CEC6432FFE
                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\el\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1613
                              Entropy (8bit):4.618182455684241
                              Encrypted:false
                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\en\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):851
                              Entropy (8bit):4.4858053753176526
                              Encrypted:false
                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\en_CA\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):851
                              Entropy (8bit):4.4858053753176526
                              Encrypted:false
                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\en_GB\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):848
                              Entropy (8bit):4.494568170878587
                              Encrypted:false
                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\en_US\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1425
                              Entropy (8bit):4.461560329690825
                              Encrypted:false
                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                              Malicious:false
                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\es\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):961
                              Entropy (8bit):4.537633413451255
                              Encrypted:false
                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                              MD5:F61916A206AC0E971CDCB63B29E580E3
                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\es_419\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):959
                              Entropy (8bit):4.570019855018913
                              Encrypted:false
                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                              MD5:535331F8FB98894877811B14994FEA9D
                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\et\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):968
                              Entropy (8bit):4.633956349931516
                              Encrypted:false
                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                              MD5:64204786E7A7C1ED9C241F1C59B81007
                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\eu\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):838
                              Entropy (8bit):4.4975520913636595
                              Encrypted:false
                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                              Malicious:false
                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\fa\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1305
                              Entropy (8bit):4.673517697192589
                              Encrypted:false
                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\fi\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):911
                              Entropy (8bit):4.6294343834070935
                              Encrypted:false
                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\fil\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):939
                              Entropy (8bit):4.451724169062555
                              Encrypted:false
                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                              MD5:FCEA43D62605860FFF41BE26BAD80169
                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\fr\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):977
                              Entropy (8bit):4.622066056638277
                              Encrypted:false
                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\fr_CA\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):972
                              Entropy (8bit):4.621319511196614
                              Encrypted:false
                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                              MD5:6CAC04BDCC09034981B4AB567B00C296
                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\gl\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):990
                              Entropy (8bit):4.497202347098541
                              Encrypted:false
                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\gu\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1658
                              Entropy (8bit):4.294833932445159
                              Encrypted:false
                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\hi\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1672
                              Entropy (8bit):4.314484457325167
                              Encrypted:false
                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\hr\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):935
                              Entropy (8bit):4.6369398601609735
                              Encrypted:false
                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\hu\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1065
                              Entropy (8bit):4.816501737523951
                              Encrypted:false
                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\hy\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2771
                              Entropy (8bit):3.7629875118570055
                              Encrypted:false
                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                              Malicious:false
                              Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\id\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):858
                              Entropy (8bit):4.474411340525479
                              Encrypted:false
                              SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                              MD5:34D6EE258AF9429465AE6A078C2FB1F5
                              SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                              SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                              SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\is\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):954
                              Entropy (8bit):4.631887382471946
                              Encrypted:false
                              SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                              MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                              SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                              SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                              SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                              Malicious:false
                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\it\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):899
                              Entropy (8bit):4.474743599345443
                              Encrypted:false
                              SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                              MD5:0D82B734EF045D5FE7AA680B6A12E711
                              SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                              SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                              SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\iw\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2230
                              Entropy (8bit):3.8239097369647634
                              Encrypted:false
                              SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                              MD5:26B1533C0852EE4661EC1A27BD87D6BF
                              SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                              SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                              SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                              Malicious:false
                              Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ja\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1160
                              Entropy (8bit):5.292894989863142
                              Encrypted:false
                              SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                              MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                              SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                              SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                              SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ka\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):3264
                              Entropy (8bit):3.586016059431306
                              Encrypted:false
                              SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                              MD5:83F81D30913DC4344573D7A58BD20D85
                              SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                              SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                              SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                              Malicious:false
                              Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\kk\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):3235
                              Entropy (8bit):3.6081439490236464
                              Encrypted:false
                              SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                              MD5:2D94A58795F7B1E6E43C9656A147AD3C
                              SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                              SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                              SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                              Malicious:false
                              Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\km\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):3122
                              Entropy (8bit):3.891443295908904
                              Encrypted:false
                              SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                              MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                              SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                              SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                              SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                              Malicious:false
                              Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\kn\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1880
                              Entropy (8bit):4.295185867329351
                              Encrypted:false
                              SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                              MD5:8E16966E815C3C274EEB8492B1EA6648
                              SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                              SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                              SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ko\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1042
                              Entropy (8bit):5.3945675025513955
                              Encrypted:false
                              SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                              MD5:F3E59EEEB007144EA26306C20E04C292
                              SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                              SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                              SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\lo\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2535
                              Entropy (8bit):3.8479764584971368
                              Encrypted:false
                              SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                              MD5:E20D6C27840B406555E2F5091B118FC5
                              SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                              SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                              SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                              Malicious:false
                              Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\lt\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1028
                              Entropy (8bit):4.797571191712988
                              Encrypted:false
                              SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                              MD5:970544AB4622701FFDF66DC556847652
                              SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                              SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                              SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\lv\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):994
                              Entropy (8bit):4.700308832360794
                              Encrypted:false
                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                              MD5:A568A58817375590007D1B8ABCAEBF82
                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ml\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2091
                              Entropy (8bit):4.358252286391144
                              Encrypted:false
                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\mn\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2778
                              Entropy (8bit):3.595196082412897
                              Encrypted:false
                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                              Malicious:false
                              Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\mr\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1719
                              Entropy (8bit):4.287702203591075
                              Encrypted:false
                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ms\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):936
                              Entropy (8bit):4.457879437756106
                              Encrypted:false
                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                              MD5:7D273824B1E22426C033FF5D8D7162B7
                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\my\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):3830
                              Entropy (8bit):3.5483353063347587
                              Encrypted:false
                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                              MD5:342335A22F1886B8BC92008597326B24
                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                              Malicious:false
                              Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ne\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1898
                              Entropy (8bit):4.187050294267571
                              Encrypted:false
                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\nl\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):914
                              Entropy (8bit):4.513485418448461
                              Encrypted:false
                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\no\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):878
                              Entropy (8bit):4.4541485835627475
                              Encrypted:false
                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                              MD5:A1744B0F53CCF889955B95108367F9C8
                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\pa\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2766
                              Entropy (8bit):3.839730779948262
                              Encrypted:false
                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                              Malicious:false
                              Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\pl\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):978
                              Entropy (8bit):4.879137540019932
                              Encrypted:false
                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\pt_BR\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):907
                              Entropy (8bit):4.599411354657937
                              Encrypted:false
                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\pt_PT\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):914
                              Entropy (8bit):4.604761241355716
                              Encrypted:false
                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                              MD5:0963F2F3641A62A78B02825F6FA3941C
                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ro\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):937
                              Entropy (8bit):4.686555713975264
                              Encrypted:false
                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                              MD5:BED8332AB788098D276B448EC2B33351
                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ru\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1337
                              Entropy (8bit):4.69531415794894
                              Encrypted:false
                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                              MD5:51D34FE303D0C90EE409A2397FCA437D
                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\si\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2846
                              Entropy (8bit):3.7416822879702547
                              Encrypted:false
                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                              Malicious:false
                              Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\sk\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):934
                              Entropy (8bit):4.882122893545996
                              Encrypted:false
                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                              MD5:8E55817BF7A87052F11FE554A61C52D5
                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\sl\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):963
                              Entropy (8bit):4.6041913416245
                              Encrypted:false
                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\sr\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1320
                              Entropy (8bit):4.569671329405572
                              Encrypted:false
                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                              MD5:7F5F8933D2D078618496C67526A2B066
                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\sv\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):884
                              Entropy (8bit):4.627108704340797
                              Encrypted:false
                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\sw\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):980
                              Entropy (8bit):4.50673686618174
                              Encrypted:false
                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                              MD5:D0579209686889E079D87C23817EDDD5
                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ta\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1941
                              Entropy (8bit):4.132139619026436
                              Encrypted:false
                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\te\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1969
                              Entropy (8bit):4.327258153043599
                              Encrypted:false
                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\th\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1674
                              Entropy (8bit):4.343724179386811
                              Encrypted:false
                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                              MD5:64077E3D186E585A8BEA86FF415AA19D
                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\tr\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1063
                              Entropy (8bit):4.853399816115876
                              Encrypted:false
                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                              MD5:76B59AAACC7B469792694CF3855D3F4C
                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\uk\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1333
                              Entropy (8bit):4.686760246306605
                              Encrypted:false
                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                              MD5:970963C25C2CEF16BB6F60952E103105
                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\ur\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1263
                              Entropy (8bit):4.861856182762435
                              Encrypted:false
                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                              MD5:8B4DF6A9281333341C939C244DDB7648
                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\vi\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1074
                              Entropy (8bit):5.062722522759407
                              Encrypted:false
                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\zh_CN\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):879
                              Entropy (8bit):5.7905809868505544
                              Encrypted:false
                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\zh_HK\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1205
                              Entropy (8bit):4.50367724745418
                              Encrypted:false
                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                              Malicious:false
                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\zh_TW\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):843
                              Entropy (8bit):5.76581227215314
                              Encrypted:false
                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                              Malicious:false
                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_locales\zu\messages.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):912
                              Entropy (8bit):4.65963951143349
                              Encrypted:false
                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                              Malicious:false
                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\_metadata\verified_contents.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):11280
                              Entropy (8bit):5.754230909218899
                              Encrypted:false
                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                              Malicious:false
                              Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\dasherSettingSchema.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):854
                              Entropy (8bit):4.284628987131403
                              Encrypted:false
                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                              Malicious:false
                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\manifest.json

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2525
                              Entropy (8bit):5.417689528134667
                              Encrypted:false
                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                              MD5:10FF8E5B674311683D27CE1879384954
                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                              Malicious:false
                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\offscreendocument.html

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:HTML document, ASCII text
                              Category:dropped
                              Size (bytes):97
                              Entropy (8bit):4.862433271815736
                              Encrypted:false
                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                              Malicious:false
                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\offscreendocument_main.js

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with very long lines (4369)
                              Category:dropped
                              Size (bytes):95567
                              Entropy (8bit):5.4016395763198135
                              Encrypted:false
                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                              Malicious:false
                              Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\page_embed_script.js

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):291
                              Entropy (8bit):4.65176400421739
                              Encrypted:false
                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                              Malicious:false
                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

                              C:\Users\user\AppData\Local\Temp\scoped_dir8040_1784628756\CRX_INSTALL\service_worker_bin_prod.js

                              Download File
                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              File Type:ASCII text, with very long lines (4369)
                              Category:dropped
                              Size (bytes):103988
                              Entropy (8bit):5.389407461078688
                              Encrypted:false
                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                              MD5:EA946F110850F17E637B15CF22B82837
                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                              Malicious:false
                              Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g

                              C:\Users\user\AppData\Local\Temp\tmpaddon

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):453023
                              Entropy (8bit):7.997718157581587
                              Encrypted:true
                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                              MD5:85430BAED3398695717B0263807CF97C
                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                              Malicious:false
                              Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Aug 19 03:04:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.9742063881469014
                              Encrypted:false
                              SSDEEP:48:8KdVoT1sytHRidAKZdA19ehwiZUklqehGy+3:8Pfxdy
                              MD5:8A5C2F0E4B3C38370BEC3A2E65536243
                              SHA1:55B3905E69040F96993C534FC3DE05A17D0ADBF9
                              SHA-256:470388E6AB053F4FA0644693FECCD7147CA5483CCDADE879F02A874AB73ACC80
                              SHA-512:AE79A6A5AEFDFFFA63FE234D5869EF0CC8757740833D0CBCFCA972CA16B31BE598C234961C79C107DC111294A41CC68741DEAA7802AE28622C8847BDE0F37157
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,.....3g.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y{ ....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y{ ....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y{ ....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y{ ..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y. ...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............[e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Aug 19 03:04:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):3.991747636828077
                              Encrypted:false
                              SSDEEP:48:8sdVoT1sytHRidAKZdA1weh/iZUkAQkqehNy+2:8pfD9QQy
                              MD5:CC0F2FBEF585E28532F5FEF60209BCFC
                              SHA1:2B89034090F4A5ABCA29E8F541CE376707134D34
                              SHA-256:EA37ABBB0D19D15B6F367029E7CC79D4BCEDFF63298245A7A5D2B33C5B01C21E
                              SHA-512:8E4EED71828D6EA7837F05339A9E96EBB8ED06BC6758A3613324089A604CFD85E88F933EF24518288CE10042FE488DAA696D2D1A8B87C836AE6BBB51F24A757D
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,......X.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y{ ....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y{ ....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y{ ....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y{ ..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y. ...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............[e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2693
                              Entropy (8bit):4.002261511804251
                              Encrypted:false
                              SSDEEP:48:8xrdVoT1sysHRidAKZdA14tseh7sFiZUkmgqeh7sHy+BX:8xMfonxy
                              MD5:CFACE652ADB1E4AAA7968342BC7E3B57
                              SHA1:6BB20251DE7823F53C5089CE4BBD0AC040C5BDA6
                              SHA-256:C6F14DF1DC15F381A1DC3BF4A4FC3D290764A1370ABF5950B827B6A4273BF4F1
                              SHA-512:34A9E2B0F4F8AB4C7FE18D522C09D2FAF199B5DD06BB52A563AB697A0AEAF5EC805673CE6E6C8350AA93CEA8A37244F3DF34B10ECB3A446D6103ABEC6127DCBA
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y{ ....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y{ ....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y{ ....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y{ ..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............[e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Aug 19 03:04:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2681
                              Entropy (8bit):3.9892696870586866
                              Encrypted:false
                              SSDEEP:48:8v2dVoT1sytHRidAKZdA1vehDiZUkwqehJy+R:8Tfgfy
                              MD5:13965F38BB8877F246D8CBBA373086CF
                              SHA1:B3FF83F5C2BBB1A03545C97D278A2D0E0BA27951
                              SHA-256:B5B07CFC7EF59F832B710CA04FA005B4B103675F96301986F446F188B297AD56
                              SHA-512:1742E8FDA7D2F17959039267C40F05AA147B11FC2C95EA7AE4B02CFA8F9C2B6844FA143CAD5D520933D5178A0EA529ED0261181273AECE4668119C61D727D36D
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,....A$7.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y{ ....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y{ ....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y{ ....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y{ ..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y. ...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............[e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Aug 19 03:04:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2681
                              Entropy (8bit):3.9784676858202377
                              Encrypted:false
                              SSDEEP:48:8UgdVoT1sytHRidAKZdA1hehBiZUk1W1qehLy+C:8IfA9ry
                              MD5:9AB55DAB08AA1510938515F369724F32
                              SHA1:299883F0BA40DE0E087F237080F3F1972A8426CF
                              SHA-256:C16DF66F89E32AADC5ABE6A9FDA7B93E84374B78AD588525FAC81CEB07790142
                              SHA-512:4426D013ED412FAEC0B7568C7FC6FD87B1A5E72DD93FEA3DD084A749EF94BE7D7705876CDD8AD55E0FD037C59BD7A6423DC153EB3F8265AFED23E93256A23D8D
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,.....#a.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y{ ....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y{ ....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y{ ....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y{ ..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y. ...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............[e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Aug 19 03:03:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2683
                              Entropy (8bit):3.9865698996513403
                              Encrypted:false
                              SSDEEP:48:83dVoT1sytHRidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbxy+yT+:8ofOT/TbxWOvTbxy7T
                              MD5:246B0845446F592D5AF374A519880369
                              SHA1:E76F9697A261E6C1815AE469FFF0FA4D02DA8C76
                              SHA-256:DCA86A7CA62637A6BCC6D72DADC1ACF60B761631DF04FB52A95000BA9BB08E89
                              SHA-512:8574B261166436D595BE554937D363D847019943F9E008C9EBAC2042B4529E75EF76D160AB16DFA1616A6E10D8CEE9C7F6E52B62433DB8D3250FC389CECC5772
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,....\D......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y{ ....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y{ ....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y{ ....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y{ ..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y. ...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............[e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addons.json (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):24
                              Entropy (8bit):3.91829583405449
                              Encrypted:false
                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                              MD5:3088F0272D29FAA42ED452C5E8120B08
                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                              Malicious:false
                              Preview:{"schema":6,"addons":[]}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addons.json.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):24
                              Entropy (8bit):3.91829583405449
                              Encrypted:false
                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                              MD5:3088F0272D29FAA42ED452C5E8120B08
                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                              Malicious:false
                              Preview:{"schema":6,"addons":[]}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\store.json.mozlz4 (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                              Category:dropped
                              Size (bytes):66
                              Entropy (8bit):4.837595020998689
                              Encrypted:false
                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                              Malicious:false
                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\store.json.mozlz4.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                              Category:dropped
                              Size (bytes):66
                              Entropy (8bit):4.837595020998689
                              Encrypted:false
                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                              Malicious:false
                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extensions.json (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):36830
                              Entropy (8bit):5.1867463390487
                              Encrypted:false
                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                              MD5:98875950B62B398FFE70C0A8D0998017
                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                              Malicious:false
                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extensions.json.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):36830
                              Entropy (8bit):5.1867463390487
                              Encrypted:false
                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                              MD5:98875950B62B398FFE70C0A8D0998017
                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                              Malicious:false
                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):1021904
                              Entropy (8bit):6.648417932394748
                              Encrypted:false
                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                              MD5:FE3355639648C417E8307C6D051E3E37
                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Joe Sandbox View:
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: rama.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: 377cc85807.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):1021904
                              Entropy (8bit):6.648417932394748
                              Encrypted:false
                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                              MD5:FE3355639648C417E8307C6D051E3E37
                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):116
                              Entropy (8bit):4.968220104601006
                              Encrypted:false
                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                              Malicious:false
                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):116
                              Entropy (8bit):4.968220104601006
                              Encrypted:false
                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                              Malicious:false
                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs-1.js

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                              Category:dropped
                              Size (bytes):11225
                              Entropy (8bit):5.509614407143246
                              Encrypted:false
                              SSDEEP:192:VnPOeRnHYbBp6RJ0aX+46SEXKtakHWNBw8rFSl:hPegJULEfHEwY0
                              MD5:EC30B6CFE305E659788B4F6E1454F698
                              SHA1:F44302DD6B6212E7DD30094CDF807E8E027EADC3
                              SHA-256:75E6EDA517DBCF62968D35FCD3FAE3FC9F125315CD617C872E0F6F329DFC4316
                              SHA-512:375B91376EFDA4C5232F2054C797D628ABE911B2D8C94335795E353BDFA0CE8731B3BB3689DE83E9D5E4117131A8E9170EEAF2906CDDA9E6CCD009149CD4B7C6
                              Malicious:false
                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1724046868);..user_pref("app.update.lastUpdateTime.background-update-timer", 1724046868);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                              Category:dropped
                              Size (bytes):11225
                              Entropy (8bit):5.509614407143246
                              Encrypted:false
                              SSDEEP:192:VnPOeRnHYbBp6RJ0aX+46SEXKtakHWNBw8rFSl:hPegJULEfHEwY0
                              MD5:EC30B6CFE305E659788B4F6E1454F698
                              SHA1:F44302DD6B6212E7DD30094CDF807E8E027EADC3
                              SHA-256:75E6EDA517DBCF62968D35FCD3FAE3FC9F125315CD617C872E0F6F329DFC4316
                              SHA-512:375B91376EFDA4C5232F2054C797D628ABE911B2D8C94335795E353BDFA0CE8731B3BB3689DE83E9D5E4117131A8E9170EEAF2906CDDA9E6CCD009149CD4B7C6
                              Malicious:false
                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1724046868);..user_pref("app.update.lastUpdateTime.background-update-timer", 1724046868);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\98ed2920-b62b-4d1f-a699-bc73201298a3 (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):493
                              Entropy (8bit):4.967648439485298
                              Encrypted:false
                              SSDEEP:12:YZFgZj5gJJJVIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YQAHSlCOlZGV1AQIWZcy6ZXvx
                              MD5:0A629FB09ECCF2B0A3B7DCC56E159108
                              SHA1:159088218E5C508C1EDBA3714E668AF8DE499C7C
                              SHA-256:079A21EF81B6BD5412B1ACDC1D01B5731D85CA47274442D11535450D6088E08E
                              SHA-512:FEAED313415E03EF045ECE4C7FA2ACAEB065ECF743A8686C1D5CB75DAC20823C1490BB4731778A3CF574EB27E5C0BD7A01EB627FCE8A53B4B42E6495E852595F
                              Malicious:false
                              Preview:{"type":"health","id":"98ed2920-b62b-4d1f-a699-bc73201298a3","creationDate":"2024-08-19T05:54:56.454Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\98ed2920-b62b-4d1f-a699-bc73201298a3.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):493
                              Entropy (8bit):4.967648439485298
                              Encrypted:false
                              SSDEEP:12:YZFgZj5gJJJVIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YQAHSlCOlZGV1AQIWZcy6ZXvx
                              MD5:0A629FB09ECCF2B0A3B7DCC56E159108
                              SHA1:159088218E5C508C1EDBA3714E668AF8DE499C7C
                              SHA-256:079A21EF81B6BD5412B1ACDC1D01B5731D85CA47274442D11535450D6088E08E
                              SHA-512:FEAED313415E03EF045ECE4C7FA2ACAEB065ECF743A8686C1D5CB75DAC20823C1490BB4731778A3CF574EB27E5C0BD7A01EB627FCE8A53B4B42E6495E852595F
                              Malicious:false
                              Preview:{"type":"health","id":"98ed2920-b62b-4d1f-a699-bc73201298a3","creationDate":"2024-08-19T05:54:56.454Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):53
                              Entropy (8bit):4.136624295551173
                              Encrypted:false
                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                              Malicious:false
                              Preview:{"profile-after-change":true,"final-ui-startup":true}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):53
                              Entropy (8bit):4.136624295551173
                              Encrypted:false
                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                              Malicious:false
                              Preview:{"profile-after-change":true,"final-ui-startup":true}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                              Category:dropped
                              Size (bytes):271
                              Entropy (8bit):5.499520834130356
                              Encrypted:false
                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3SIgCORtzW6tVNBNzdDdCQ:vLz2S+EWDDoWqC5mcPK34D66/d9
                              MD5:79CAC31FDDA9B1FEF4FC3B2C72320380
                              SHA1:C6D75C586EBF66098D8C6779D9E5F82C95AD7094
                              SHA-256:444F632878A69F1F6D34406F691176395AEDBC808A6CCD7B062E92875FBADC0E
                              SHA-512:4A9012E9DEFFE2DF58C484A40A7E8F4E69D19929C9ED0181B90A98F83E4241DF2A3FFA9824B892217DF9C27D1AAC001357884A1CB692F224A0F21BEA11811C55
                              Malicious:false
                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1724046859868,"startTim...#36534,"recentCrashes":0},"global":{},"cookies":[]}

                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                              Download File
                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                              Category:dropped
                              Size (bytes):271
                              Entropy (8bit):5.499520834130356
                              Encrypted:false
                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3SIgCORtzW6tVNBNzdDdCQ:vLz2S+EWDDoWqC5mcPK34D66/d9
                              MD5:79CAC31FDDA9B1FEF4FC3B2C72320380
                              SHA1:C6D75C586EBF66098D8C6779D9E5F82C95AD7094
                              SHA-256:444F632878A69F1F6D34406F691176395AEDBC808A6CCD7B062E92875FBADC0E
                              SHA-512:4A9012E9DEFFE2DF58C484A40A7E8F4E69D19929C9ED0181B90A98F83E4241DF2A3FFA9824B892217DF9C27D1AAC001357884A1CB692F224A0F21BEA11811C55
                              Malicious:false
                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1724046859868,"startTim...#36534,"recentCrashes":0},"global":{},"cookies":[]}

                              Chrome Cache Entry: 286

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (773)
                              Category:downloaded
                              Size (bytes):1477
                              Entropy (8bit):5.2911736427100795
                              Encrypted:false
                              SSDEEP:24:kMYD7xTMu0A1qrxsNPnWYOX8h9/H4UobhzW4Jx+fOHxP4Gbx4CGbPSFLL+OPNZ4k:o7xl0+VWCubc46uxP4Gbx4CGbPSRZNZF
                              MD5:B63A04E37A3DBF13DCCC5C07ADB615AE
                              SHA1:F0C9EBB1B8103B9B04546B1BAF42F3F328F83B60
                              SHA-256:E145EDD5ADD04C898E9A912C3D04735AFF7AF16FD05977729618D2605A91582A
                              SHA-512:0691F4FE1A707CAB15B55FA83E64E1E3FCE1D5E11CD85DEBCA8AC4EC9436BB8D8365096D2233C84981E9115E3FF69A0A5C38070C47B725F3AA6554EE5F8DC503
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.cYa=new _.cf(_.sl);._.l();._.k("bm51tf");.var gYa=!!(_.yg[1]&8);var iYa=function(a,b,c,d,e){this.ea=a;this.ta=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=hYa(this)},jYa=function(a){var b={};_.Ma(a.wP(),function(e){b[e]=!0});var c=a.kP(),d=a.qP();return new iYa(a.YL(),c.aa()*1E3,a.KO(),d.aa()*1E3,b)},hYa=function(a){return Math.random()*Math.min(a.ta*Math.pow(a.ka,a.aa),a.Ca)},NF=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var OF=function(a){_.J.call(this,a.Fa);this.Mc=null;this.ea=a.Da.wS;this.ka=a.Da.metadata;a=a.Da.hba;this.da=a.ea.bind(a)};_.B(OF,_.J);OF.Ma=_.J.Ma;OF.Ba=function(){return{Da:{wS:_.eYa,metadata:_.cYa,hba:_.WXa}}};OF.prototype.aa=function(a,b){if(this.ka.getType(a.Ed())!=1)return _.Dl(a);var c=this.ea.aa;return(c=c?jYa(c):null)&&NF(c)?_.jva(a,kYa(this,a,b,c)):_.Dl(a)};.var kYa=function(a,b,c,d){return c.then(function(e){ret

                              Chrome Cache Entry: 287

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (570)
                              Category:downloaded
                              Size (bytes):3478
                              Entropy (8bit):5.497593708087269
                              Encrypted:false
                              SSDEEP:48:o7WT+Dko1YGGQDSVqXY7HouKYQ4NsFOpHO0C5PU6SBvnjTIATg8ZVsVagxbZuwWr:oyT+4o+GGCSqo7Ho7Ytuc9tndAvCsw
                              MD5:4CEEA8062FFE529B52DF1A5B3DD8E68D
                              SHA1:0252A903DC968A55E0F03CB8C71762E7275AD380
                              SHA-256:4094E594E47E08ED980E6360B40857DDD2AA38E7545420A361614E27FF483F6B
                              SHA-512:B0E33322AC3728E243B81E02785CCDF84487CD2514899B7A8C02E0C442313B948BC8AC13BB1FD758709609D6913003939540F71F6011B7033CE8F05A5112A2CA
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var Tua=function(){var a=_.pe();return _.Zi(a,1)},ir=function(a){this.Ea=_.u(a,0,ir.messageId)};_.B(ir,_.w);ir.prototype.Ia=function(){return _.Pi(this,1)};ir.prototype.Ya=function(a){return _.hj(this,1,a)};ir.messageId="f.bo";var jr=function(){_.nl.call(this)};_.B(jr,_.nl);jr.prototype.Zc=function(){this.vQ=!1;Uua(this);_.nl.prototype.Zc.call(this)};jr.prototype.aa=function(){Vua(this);if(this.bB)return Wua(this),!1;if(!this.DS)return kr(this),!0;this.dispatchEvent("p");if(!this.bM)return kr(this),!0;this.PJ?(this.dispatchEvent("r"),kr(this)):Wua(this);return!1};.var Xua=function(a){var b=new _.ho(a.B1);a.iN!=null&&_.ym(b,"authuser",a.iN);return b},Wua=function(a){a.bB=!0;var b=Xua(a),c="rt=r&f_uid="+_.lh(a.bM);_.Nl(b,(0,_.Uf)(a.ea,a),"POST",c)};.jr.prototype.ea=function(a){a=a.target;Vua(this);if(_.Ql(a)){this.QH=0;if(this.PJ)this.bB=!1,this.dispatchEvent("r"

                              Chrome Cache Entry: 288

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (22732)
                              Category:downloaded
                              Size (bytes):902369
                              Entropy (8bit):5.733495374987416
                              Encrypted:false
                              SSDEEP:6144:PLRxAhedyqVn4QLKCI2CehB9oWFqULIHDqB4ET7SaHXfeFwBPZc6of+kFqFBBICR:PLRKhedyZQFI2CPWC0Samri/
                              MD5:197A37A24591409D0033FD528CE84FBC
                              SHA1:9BAB41C1353297FE6EE3C2C476CDF3F3DA1F1690
                              SHA-256:8A700210BFD24280167813DD72FBA3B96F5097385708D2CE91E8FC87696C0065
                              SHA-512:89252656BD74132579B7B93D78AE6DBCCF02419A575CFC0AD86A7C262A3C114544249B741D6FAF1FC0B04F6FF532B4A0CB1FC6EC7784A25F5432272DC8471EB5
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
                              Preview:"use strict";_F_installCss(".VfPpkd-Sx9Kwc .VfPpkd-P5QLlc{background-color:#fff;background-color:var(--mdc-theme-surface,#fff)}.VfPpkd-Sx9Kwc .VfPpkd-IE5DDf,.VfPpkd-Sx9Kwc .VfPpkd-P5QLlc-GGAcbc{background-color:rgba(0,0,0,.32)}.VfPpkd-Sx9Kwc .VfPpkd-k2Wrsb{color:rgba(0,0,0,.87)}.VfPpkd-Sx9Kwc .VfPpkd-cnG4Wd{color:rgba(0,0,0,.6)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub{color:#000;color:var(--mdc-theme-on-surface,#000)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::after{background-color:#000;background-color:var(--mdc-ripple-color,var(--mdc-theme-on-surface,#000))}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:hover .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-XxIAqe-OWXEXe-ZmdkE .VfPpkd-Bz112c-Jh9lGc::before{opacity:.04;opacity:var(--mdc-ripple-hover-opacity,.04)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-mWPk3d-OWXEXe-AHe6Kc-XpnDCe .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:not(.VfPpkd-ksKsZd-mWPk3d):

                              Chrome Cache Entry: 289

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                              Category:downloaded
                              Size (bytes):5430
                              Entropy (8bit):3.6534652184263736
                              Encrypted:false
                              SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                              MD5:F3418A443E7D841097C714D69EC4BCB8
                              SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                              SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                              SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                              Malicious:false
                              URL:https://www.google.com/favicon.ico
                              Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

                              Chrome Cache Entry: 290

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (1694)
                              Category:downloaded
                              Size (bytes):33035
                              Entropy (8bit):5.361444492105162
                              Encrypted:false
                              SSDEEP:768:jEiMsg3PA06/0NIFR4/uSRDt3WQEASp9hcFVLKR7IZsX75ha3eywk0:jpex/uYWQEASp9hcLm3WP0
                              MD5:82884DDA1A6B2FA5F9276E22B11619D0
                              SHA1:032BDEB8832BB7779A8BE31E1A389083447EE567
                              SHA-256:F1F12BA027AD3EE321526D02F737DE3453DCAD8CEDC8813FF35594261A3E34EC
                              SHA-512:3A55A55F6B61D8E14328FED2EFB47ED75BC5515F661504903FCD987EEB5A4CDF432DCA220A829507291502CF42F4B7CC7752B00296DFA73989EFD90B70252359
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var cra=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.ho("//www.google.com/images/cleardot.gif");_.vo(c)}this.ka=c};_.h=cra.prototype;_.h.Mc=null;_.h.EV=1E4;_.h.qy=!1;_.h.fN=0;_.h.gH=null;_.h.VR=null;_.h.setTimeout=function(a){this.EV=a};_.h.start=function(){if(this.qy)throw Error("Ab");this.qy=!0;this.fN=0;dra(this)};_.h.stop=function(){era(this);this.qy=!1};.var dra=function(a){a.fN++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.ql((0,_.Uf)(a.HE,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.Uf)(a.Wda,a),a.aa.onerror=(0,_.Uf)(a.Vda,a),a.aa.onabort=(0,_.Uf)(a.Uda,a),a.gH=_.ql(a.Xda,a.EV,a),a.aa.src=String(a.ka))};_.h=cra.prototype;_.h.Wda=function(){this.HE(!0)};_.h.Vda=function(){this.HE(!1)};_.h.Uda=function(){this.HE(!1)};_.h.Xda=function(){this.HE(!1)};._.h.HE=function(a){era(this);a?(this.qy=!1,this.da.call(this.ea,!0)):this.fN<=0?dra(this):(this.qy=!1,

                              Chrome Cache Entry: 291

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text, with very long lines (687)
                              Category:downloaded
                              Size (bytes):4140
                              Entropy (8bit):5.352130528550604
                              Encrypted:false
                              SSDEEP:48:vemBbK+I/a3HHwV6jqu2yJuE0KxB/9oLXG2XGWXMFiBYXiByQoTyssJ7vosnwTyj:GwHY6jquxBBxy7twhXGoTyxfi87gw
                              MD5:4E25FD90A77F993E46DD533930ED6132
                              SHA1:CD4705EFB6B90BB63E22E2FB2E2671FD4C05F2CD
                              SHA-256:EC2BCB07F5FBF54C24E057131B2CDF64DCF60DAB2A793BD983606CC6769249CC
                              SHA-512:51DD5E0CA7077A68070FF1C0A08527C16D5162E6ECB2ED663260BC4AC99D4D74EC9952AA9A9C385F83A87B18C95E45688EADF2AFA2D4D33D249D2562FA2CFEFC
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
                              Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.Wf(_.wpa);._.k("sOXFj");.var Fr=function(a){_.J.call(this,a.Fa)};_.B(Fr,_.J);Fr.Ma=_.J.Ma;Fr.Ba=_.J.Ba;Fr.prototype.aa=function(a){return a()};_.zr(_.vpa,Fr);._.l();._.k("oGtAuc");._.nva=new _.cf(_.wpa);._.l();._.k("q0xTif");.var owa=function(a){var b=function(d){_.Jm(d)&&(_.Jm(d).yc=null,_.Tr(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},es=function(a){_.eq.call(this,a.Fa);this.Pa=this.dom=null;if(this.Ri()){var b=_.Zk(this.Tf(),[_.wl,_.vl]);b=_.Uh([b[_.wl],b[_.vl]]).then(function(c){this.Pa=c[0];this.dom=c[1]},null,this);_.sr(this,b)}this.Oa=a.vh.C9};_.B(es,_.eq);es.Ba=function(){return{vh:{C9:function(){return _.Ge(this)}}}};es.prototype.getContext=function(a){return this.Oa.getContext(a)};.es.prototype.getData=function(a){return this.Oa.getData(a)};es.protot

                              Chrome Cache Entry: 292

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
                              Category:downloaded
                              Size (bytes):52280
                              Entropy (8bit):7.995413196679271
                              Encrypted:true
                              SSDEEP:1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
                              MD5:F61F0D4D0F968D5BBA39A84C76277E1A
                              SHA1:AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
                              SHA-256:57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
                              SHA-512:6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
                              Malicious:false
                              URL:https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
                              Preview:wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.*',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.|*(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.5*1w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e*......71.?.7.ORv.?...l...G|.P...|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....|..D.d..

                              Chrome Cache Entry: 293

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (693)
                              Category:downloaded
                              Size (bytes):3157
                              Entropy (8bit):5.404961685178266
                              Encrypted:false
                              SSDEEP:48:o72bT/FShT02v3Ez29wCkAFE657NQ8jsOo7Kb246xpbOEPL5z7MKm8AYFrw:oM9P28XDAW657OLZnHbOyLB7u5YZw
                              MD5:F20DCA5963AC718E948FE7012FFC0ED8
                              SHA1:4FCA06DDEE1DA10F6EFAD22687D2A38EEEA2AC3E
                              SHA-256:92A274B05B3764BCE76F5045B2EFC7E9A23A3142890240D909C3DC0600ADFB9B
                              SHA-512:4BC87BBB317525827D35467E417F480870D66F9227DD05F85988D54B0E779CFCE31A14D961622504A329C9A89396813FB09F1A96A5B253104684D0663C55C3E6
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var hx=function(a){_.J.call(this,a.Fa)};_.B(hx,_.J);hx.Ma=_.J.Ma;hx.Ba=_.J.Ba;hx.prototype.YO=function(a){return _.Fe(this,{Xa:{ZP:_.ck}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.Le(function(e){window._wjdc=function(f){d(f);e(yGa(f,b,a))}}):yGa(c,b,a)})};var yGa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.ZP.YO(c)};.hx.prototype.aa=function(a,b){var c=_.Fua(b).Si;if(c.startsWith("$")){var d=_.Mm.get(a);_.Mq[b]&&(d||(d={},_.Mm.set(a,d)),d[c]=_.Mq[b],delete _.Mq[b],_.Nq--);if(d)if(a=d[c])b=_.Oe(a);else throw Error("nc`"+b);else b=null}else b=null;return b};_.zr(_.ifa,hx);._.l();._.k("SNUn3");._.xGa=new _.cf(_.Xf);._.l();._.k("RMhBfe");.var zGa=function(a,b){a=_.Usa(a,b);return a.length==0?null:a[0].ctor},AGa=function(){return Object.values(_.Jp).reduce(function(a,b){return a+Object.keys(b).length},0)},BGa=function(){return Object.entries

                              Chrome Cache Entry: 294

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (405)
                              Category:downloaded
                              Size (bytes):1600
                              Entropy (8bit):5.212051203274889
                              Encrypted:false
                              SSDEEP:48:o7ebQUbnbPAHoRS+4iybe0BAmbj7DacTBpPrw:oGwIS+Mbeq/w
                              MD5:5BE59EF9767BCA3DA04890AAF494F44A
                              SHA1:BA350E2AE6656AFDA9BD0294C63FE020A9FA6013
                              SHA-256:7D9D077835A2815841F27FA32C1F3F88DC3C504DCF4A560383D8A01EB6B6C7B5
                              SHA-512:C23E2305241ABD53845325FF024B4F6400DA9F44B573BBC1E83FDF7C6562898C5F2A555E5AFD834F4E63E851A63E9A318D2413CDA7145E14A80EEF37883578C3
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.Wf(_.lka);_.fx=function(a){_.J.call(this,a.Fa);this.aa=a.Xa.cache};_.B(_.fx,_.J);_.fx.Ma=_.J.Ma;_.fx.Ba=function(){return{Xa:{cache:_.Yp}}};_.fx.prototype.execute=function(a){_.Ua(a,function(b){var c;_.Ne(b)&&(c=b.fb.Zb(b.jb));c&&this.aa.nE(c)},this);return{}};_.zr(_.Fka,_.fx);._.l();._.k("VwDzFe");.var gG=function(a){_.J.call(this,a.Fa);this.aa=a.Da.yp;this.ea=a.Da.metadata;this.da=a.Da.Gr};_.B(gG,_.J);gG.Ma=_.J.Ma;gG.Ba=function(){return{Da:{yp:_.IF,metadata:_.cYa,Gr:_.FF}}};gG.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.Ua(a,function(c){var d=b.ea.getType(c.Ed())===2?b.aa.Ub(c):b.aa.aa(c);return _.sk(c,_.JF)?d.then(function(e){return _.md(e)}):d},this)};_.zr(_.Kka,gG);._.l();._.k("sP4Vbe");._.bYa=new _.cf(_.Gka);._.l();._.k("A7fCU");.var MF=function(a){_.J.call(this,a.Fa);this.aa=a.Da.lN};_.B(MF,_.J);MF.Ma=_.J.Ma;MF.Ba=function(){r

                              Chrome Cache Entry: 295

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (509)
                              Category:downloaded
                              Size (bytes):7712
                              Entropy (8bit):5.335099668164131
                              Encrypted:false
                              SSDEEP:96:ofYlbNBlnCXVTDD2X7yPhy5AmrTwK/v4LNJyybwSrBhQcgdRlMzLmFXVh1CPlf+c:bOQSuj/wSvgR5k1l0kCYPPI
                              MD5:319E83B476EC3B345563CC31180FFB30
                              SHA1:3F48B72F8C9E2EA0E5FFDB3B2CF7469D71491488
                              SHA-256:C71E522D256A7DE4424AA01F6E207F5EB2A3B9F613DDFEE34369DC82382F102F
                              SHA-512:51F319329D51651E1B0DA59608AE171728832420D820C38664ED858F19D3CB4AA0ECDF32AD5B799D28D4B5243F74ECD65881B048AE6BE8C3149DD6635E3CC5A3
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,FCpbqb,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WhJNk,WpP9Yc,Wt6vjf,XVq9Qb,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,hhhU8,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.DKa=_.y("wg1P6b",[_.Ey,_.tm,_.zm]);._.k("wg1P6b");.var i4a=function(a,b){b=b||_.La;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);g>0?c=f+1:(d=f,e=!g)}return e?c:-c-1},j4a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},k4a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return j4a(b,a)},l4a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if("sourceIndex"in a||a.parentNode&&"sourceIndex"in a.parentNode){var c=a.nodeType==.1,d=b.nodeType==1;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?j4a(a,b):!c&&_.Lh(e,b)?-1*k4a(a,b):!d&&_.Lh(f,a)?k4a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.Bh(a);c=d.createRange();c.selectNode(a);c.collapse(!0);a=d.createRange();a.selectNode(b);a.colla

                              Chrome Cache Entry: 296

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (533)
                              Category:downloaded
                              Size (bytes):9259
                              Entropy (8bit):5.399898091011338
                              Encrypted:false
                              SSDEEP:192:OWzFWf5Eh8jtUqnSfEupf7IgVv3/Vdiu8y77p2s1bX+E+:O2WxRXnKVVFwuJv1bXp+
                              MD5:B2C62D5F5DA06680D1998E078EE2AC12
                              SHA1:F63563196AEC3D24253994B8DB74933F0C383089
                              SHA-256:1955389EF1A9B5BDFAB39FCF0439B81BDD9E3D59F0ECDEE0FEF80E1BA3728F97
                              SHA-512:9541E14359BFDA8650F49C34085E98C490FF875634F431819D0AF00281FDFF8E3EA78B0602956749889E5DB2B52673662AE8BDB1800A76323F7E702B91D49041
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.KKa=_.y("SD8Jgb",[]);._.DX=function(a,b){if(typeof b==="string")a.Jc(b);else if("function"==typeof _.Ax&&b instanceof _.Ax&&b.ia&&b.ia===_.I)b=_.Qq(b.Xu()),a.empty().append(b);else if(b instanceof _.fh)b=_.Qq(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("yf");};_.EX=function(a){var b=_.Fn(a,"[jsslot]");if(b.size()>0)return b;b=new _.Dn([_.Hh("span")]);_.Gn(b,"jsslot","");a.empty().append(b);return b};_.bCb=function(a){return a===null||typeof a==="string"&&_.Wg(a)};._.k("SD8Jgb");._.JX=function(a){_.K.call(this,a.Fa);this.Ta=a.controller.Ta;this.qd=a.controllers.qd[0]||null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.wa().find("button:not([type])").el())==null||b.setAttribute("type","button")};_.B(_.JX,_.K);_.JX.Ba=function(){return{controller:{Ta:{jsname:"n7vHCb",ctor:_.Or},header:{jsname:"tJHJj",ctor:_.Or

                              Chrome Cache Entry: 297

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (4316)
                              Category:downloaded
                              Size (bytes):21822
                              Entropy (8bit):5.39824060823126
                              Encrypted:false
                              SSDEEP:384:24Kj7EhjA808iOWxD1uxgoT2T5scP2OsLl82P3CCEamux:ip8exD1ux5sz2r582P3Clxux
                              MD5:03FC6A4D9052381BC1A99D4C9FCC8160
                              SHA1:0C3DA0588AD29E6D211504301426A7FE00DFDA15
                              SHA-256:EA57341B73D58FEEAC6216E46220476872256980A35870D7E80A1027D77445E4
                              SHA-512:4732C49A6C776261503B0D8A3C1B47CB9AA4E2E819A15399ACE62975FE6C47F134B9A5BE7239A4EF9E6444953D5F52415F9403C729CD89390E7B50A3FDB5556A
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var kEa=_.ea.URL,lEa,mEa,oEa,nEa;try{new kEa("http://example.com"),lEa=!0}catch(a){lEa=!1}mEa=lEa;.oEa=function(a){var b=_.Hh("A");try{_.qb(b,new _.cb(a));var c=b.protocol}catch(e){throw Error("Kc`"+a);}if(c===""||c===":"||c[c.length-1]!=":")throw Error("Kc`"+a);if(!nEa.has(c))throw Error("Kc`"+a);if(!b.hostname)throw Error("Kc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};nEa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):.(a.host=b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.pEa=function(a){if(mEa){try{var b=new kEa(a)}catch(d){throw Error("Kc`"+a);}var c=nEa.get(b.protocol);if(!c)throw Error("Kc`"+a);if(!b.hostname)throw Error("Kc`"+a);b.origin=="null"&&(a={href:b.hre

                              Chrome Cache Entry: 298

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (468)
                              Category:downloaded
                              Size (bytes):1887
                              Entropy (8bit):5.254312932928674
                              Encrypted:false
                              SSDEEP:48:o7rbLB72L3AIFxMbEM7IOZz8fV/3fM/rWuxTTrw:ot2LjFYZZzeG7TPw
                              MD5:1A96947EAFA18C55DA15FF55E1A15ACC
                              SHA1:B9C6BD727165B81F4905871F73F1E0FAA42ACDA9
                              SHA-256:B756FC01C3C5222339B5B45A64BD19A8B6D41F8C5F376E38AE47ADD5EBA5A792
                              SHA-512:046BB5766EF2F69E41E67049FB8ADCBF58B3702D8D1038C534A439853F2A0D828DDA44BD28E65688BE94F099332C32C6E883EEB720128ED5ABE468034928317B
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/ck=boq-identity.AccountsSignInUi.HabcaFdrG9E.L.B1.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlE6TgCF_CvzJqwxSef8cUK0z3GnzA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.ZZ=function(a){_.J.call(this,a.Fa);this.window=a.Da.window.get();this.Dc=a.Da.Dc};_.B(_.ZZ,_.J);_.ZZ.Ma=_.J.Ma;_.ZZ.Ba=function(){return{Da:{window:_.Cr,Dc:_.ED}}};_.ZZ.prototype.En=function(){};_.ZZ.prototype.addEncryptionRecoveryMethod=function(){};_.$Z=function(a){return(a==null?void 0:a.Pq)||function(){}};_.a_=function(a){return(a==null?void 0:a.xR)||function(){}};_.JFb=function(a){return(a==null?void 0:a.xo)||function(){}};._.KFb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.LFb=function(a){setTimeout(function(){throw a;},0)};_.ZZ.prototype.fL=function(){return!0};_.zr(_.rm,_.ZZ);._.l();._.k("ziXSP");.var t_=function(a){_.ZZ.call(this,a.Fa)};_.B(t_,_.ZZ);t_.Ma=_.ZZ.Ma;t_.Ba=_.ZZ.Ba;t_.prototype.En=function(a,b,c){var d;

                              Chrome Cache Entry: 299

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with no line terminators
                              Category:downloaded
                              Size (bytes):44
                              Entropy (8bit):4.453416561671607
                              Encrypted:false
                              SSDEEP:3:8VKJmQcwVbF7KnZ:BJmjwVbF7KZ
                              MD5:491DC96011445194971CFAE6A7A0B191
                              SHA1:74BD675A8CBC8AF507C0EB5509727EA3F9B85060
                              SHA-256:C3BA6FCBB38A83C87009DEE4BAB93A9B3274553128D77E5B2C04077ECD35C1D3
                              SHA-512:38356EF67B6B704F2129828299E516B04B29EA1EEB25CF356E22E3AFEC7A875E2187F70E9E7CF0467DEFA14F11D802ACF00D69B2B13EFEA025942E21383AC35E
                              Malicious:false
                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                              Preview:Ch8KBw0ZARP6GgAKCw3oIX6GGgQISxgCCgcN05ioBxoA

                              Chrome Cache Entry: 300

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (553)
                              Category:downloaded
                              Size (bytes):244598
                              Entropy (8bit):5.471959734795694
                              Encrypted:false
                              SSDEEP:3072:f3qgR5zX9U5WQeUd4A1jBqWpJVZpOLR+vPrHDnUjJB:fbKWQeUdP1jDpJ4Lsv/n6B
                              MD5:9F3C9BF90412DD2D27DB5B02D96ADAFA
                              SHA1:E44F5A3D77853C7BAC2F7FD4AC8426C699D58FB0
                              SHA-256:D0C6B52E600149914D57FA2F07EC58D5962051C1718049EB3ABC76C19302F255
                              SHA-512:CF89F050C48AC4B09E8D04C3471351668DD2F12804EFCB5F753BA33C284C03BC4B60F88F452C99996C73E2C2CFB438DDF18207C36F322CD37F1A312FD1F17ECD
                              Malicious:false
                              URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.DtzUaWg4JxA.es5.O/am=gKxgGAzTAALxcA70gKJAyAAAAAAAAAAAgA0AAGIG/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHwd0EJw8EZhksmKYxJwDGaQ8NAjw/m=_b,_tp"
                              Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x1860ac80, 0x8034c30, 0xe70f10, 0x1028a03d, 0xc8, 0x0, 0xd80000, 0x1988000, 0x0, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/.var baa,daa,gaa,laa,oaa,$a,bb,eb,Db,Hb,Ib,zaa,Aaa,Jb,Baa,Caa,Daa,Ob,Sb,Haa,Jaa,Laa,Wb,Xb,Yb,Qaa,Raa,Vaa,$aa,aba,eba,hba,bba,gba,fba,dba,cba,iba,mba,nba,kba,vc,wc,qba,uba,vba,Aba,Bba,Cba,Dba,zba,Eba,Gba,Tc,Iba,Jba,Kba,Lba,Mba,Pba,bd,Sba,Rba,Uba,gd,ed,Wba,Vba,Zba,Yba,kd,$ba,cca,eca,fca,ica,jca,zd,pca,qca,Kd,wd,Ad,Gca,Cca,Hca,Ica,Lca,Jca,Pca,Qca,Rca,Uca,Vca,zca,Tca,Xca,sda,re,uda,se,vda,xda,Gda,Hda,Ida,Jda,Kda,Lda,Mda,Nda,Oda,Rda,Tda,$da,aea,be

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Entropy (8bit):6.755469557381233
                              TrID:
                              • Win32 Executable (generic) a (10002005/4) 99.94%
                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                              • Generic Win/DOS Executable (2004/3) 0.02%
                              • DOS Executable Generic (2002/1) 0.02%
                              • VXD Driver (31/22) 0.00%
                              File name:file.exe
                              File size:91'648 bytes
                              MD5:8814875dee846a623f322b36dc7bbc62
                              SHA1:d1eca26e190096a2d289333e17a914474ad9bea5
                              SHA256:660f2bc8579f642b117f4f9e4eefead53eba338e5da6791cf69bbeca0259a1fc
                              SHA512:1a2e45bcb441ce9522817482fca39533b2e1440a708e6e4dfcc2cce20c24e3d0a19f86e1dc84204d931fd031029e1dab4e81a78ccaef57cb4a3d7324c06c02cc
                              SSDEEP:1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfIxXonO+:Hq6+ouCpk2mpcWJ0r+QNTBfIu
                              TLSH:C6937C45F3E641F7E9F10A3100A6712FE73562285724E8DBC34C3D829A53AD1AA7D3E9
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.@]...............2.....V...............0....@........................................................................

                              File Icon

                              Icon Hash:00928e8e8686b000

                              Static PE Info

                              General

                              Entrypoint:0x401000
                              Entrypoint Section:.code
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              DLL Characteristics:
                              Time Stamp:0x5D400562 [Tue Jul 30 08:52:50 2019 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:5877688b4859ffd051f6be3b8e0cd533

                              Entrypoint Preview

                              Instruction
                              push 000000ACh
                              push 00000000h
                              push 00418010h
                              call 00007F2A24E42581h
                              add esp, 0Ch
                              push 00000000h
                              call 00007F2A24E4257Ah
                              mov dword ptr [00418014h], eax
                              push 00000000h
                              push 00001000h
                              push 00000000h
                              call 00007F2A24E42567h
                              mov dword ptr [00418010h], eax
                              call 00007F2A24E424E1h
                              mov eax, 00417088h
                              mov dword ptr [00418034h], eax
                              call 00007F2A24E4B302h
                              call 00007F2A24E4B06Eh
                              call 00007F2A24E47F68h
                              call 00007F2A24E477ECh
                              call 00007F2A24E4727Fh
                              call 00007F2A24E46FF9h
                              call 00007F2A24E46B1Dh
                              call 00007F2A24E4629Dh
                              call 00007F2A24E42865h
                              call 00007F2A24E49BE8h
                              call 00007F2A24E48690h
                              mov edx, 0041702Eh
                              lea ecx, dword ptr [0041801Ch]
                              call 00007F2A24E424F8h
                              push FFFFFFF5h
                              call 00007F2A24E42508h
                              mov dword ptr [0041803Ch], eax
                              mov eax, 00000200h
                              push eax
                              lea eax, dword ptr [004180B8h]
                              push eax
                              xor eax, eax
                              push eax
                              push 00000015h
                              push 00000004h
                              call 00007F2A24E47242h
                              push dword ptr [004180A0h]

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0x1717c0xc8.data
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x190000xffc.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x174700x22c.data
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .code0x10000x37f00x38006c0f4094a5493360ae8c9032ef3a9f47False0.47140066964285715data5.608776130769213IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .text0x50000xd2c20xd4001da643e4b1937b50550f9d9e8250428eFalse0.5114239386792453data6.558083729279072IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata0x130000x339d0x34004fb07923b0eb72c40319d48fd2d4f13fFalse0.8046123798076923data7.110640338733979IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data0x170000x172c0x12001fedd60df334d06c8ecbd09dfb8fe625False0.3940972222222222data4.999162126414562IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .rsrc0x190000xffc0x1000abbf41feb99f1c72850defd2f0aa4b1bFalse0.889892578125data7.528602358526701IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_RCDATA0x1921c0x1very short file (no magic)9.0
                              RT_RCDATA0x192200x9data1.8888888888888888
                              RT_RCDATA0x1922c0xezlib compressed data1.5714285714285714
                              RT_RCDATA0x1923c0xb59data1.0037865748709123
                              RT_MANIFEST0x19d980x263XML 1.0 document, ASCII text0.5319148936170213

                              Imports

                              DLLImport
                              MSVCRT.dllmemset, wcsncmp, memmove, wcsncpy, wcsstr, _wcsnicmp, _wcsdup, free, _wcsicmp, wcslen, wcscpy, wcscmp, memcpy, tolower, wcscat, malloc
                              KERNEL32.dllGetModuleHandleW, HeapCreate, GetStdHandle, HeapDestroy, ExitProcess, WriteFile, GetTempFileNameW, LoadLibraryExW, EnumResourceTypesW, FreeLibrary, RemoveDirectoryW, GetExitCodeProcess, EnumResourceNamesW, GetCommandLineW, LoadResource, SizeofResource, FreeResource, FindResourceW, GetNativeSystemInfo, GetShortPathNameW, GetWindowsDirectoryW, GetSystemDirectoryW, EnterCriticalSection, CloseHandle, LeaveCriticalSection, InitializeCriticalSection, WaitForSingleObject, TerminateThread, CreateThread, Sleep, GetProcAddress, GetVersionExW, WideCharToMultiByte, HeapAlloc, HeapFree, LoadLibraryW, GetCurrentProcessId, GetCurrentThreadId, GetModuleFileNameW, GetEnvironmentVariableW, SetEnvironmentVariableW, GetCurrentProcess, TerminateProcess, SetUnhandledExceptionFilter, HeapSize, MultiByteToWideChar, CreateDirectoryW, SetFileAttributesW, GetTempPathW, DeleteFileW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateFileW, SetFilePointer, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, HeapReAlloc, DeleteCriticalSection, InterlockedCompareExchange, InterlockedExchange, GetLastError, SetLastError, UnregisterWait, GetCurrentThread, DuplicateHandle, RegisterWaitForSingleObject
                              USER32.DLLCharUpperW, CharLowerW, MessageBoxW, DefWindowProcW, DestroyWindow, GetWindowLongW, GetWindowTextLengthW, GetWindowTextW, UnregisterClassW, LoadIconW, LoadCursorW, RegisterClassExW, IsWindowEnabled, EnableWindow, GetSystemMetrics, CreateWindowExW, SetWindowLongW, SendMessageW, SetFocus, CreateAcceleratorTableW, SetForegroundWindow, BringWindowToTop, GetMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, DestroyAcceleratorTable, PostMessageW, GetForegroundWindow, GetWindowThreadProcessId, IsWindowVisible, EnumWindows, SetWindowPos
                              GDI32.DLLGetStockObject
                              COMCTL32.DLLInitCommonControlsEx
                              SHELL32.DLLShellExecuteExW, SHGetFolderLocation, SHGetPathFromIDListW
                              WINMM.DLLtimeBeginPeriod
                              OLE32.DLLCoInitialize, CoTaskMemFree
                              SHLWAPI.DLLPathAddBackslashW, PathRenameExtensionW, PathQuoteSpacesW, PathRemoveArgsW, PathRemoveBackslashW

                              Network Behavior

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Aug 19, 2024 06:03:51.850953102 CEST49675443192.168.2.523.1.237.91
                              Aug 19, 2024 06:03:51.960156918 CEST49673443192.168.2.523.1.237.91
                              Aug 19, 2024 06:03:52.007030964 CEST49674443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:01.634426117 CEST49674443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:01.634459019 CEST49673443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:01.634455919 CEST49675443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:02.070913076 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.070943117 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:02.071044922 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.071551085 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.071567059 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:02.866184950 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:02.871947050 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.871956110 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:02.873002052 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:02.873075008 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.874275923 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.874335051 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:02.874474049 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.920495033 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:02.930579901 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:02.930588961 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:03.097007990 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:03.097105026 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:03.213984013 CEST49722443192.168.2.594.245.104.56
                              Aug 19, 2024 06:04:03.214001894 CEST4434972294.245.104.56192.168.2.5
                              Aug 19, 2024 06:04:03.217642069 CEST4434970323.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:03.219449997 CEST49703443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:04.823859930 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:04.823893070 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:04.823961973 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:04.825774908 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:04.825790882 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.482264996 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.482352018 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.495291948 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.495306015 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.495682955 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.558780909 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.600526094 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.661593914 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:05.661623001 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:05.661739111 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:05.662138939 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:05.662147045 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:05.662293911 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:05.662511110 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:05.662522078 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:05.662672043 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:05.662681103 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:05.692406893 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:05.692449093 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:05.692581892 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:05.693536043 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:05.693552971 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:05.753350019 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.753422976 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.753540993 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.804428101 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.804428101 CEST49732443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.804439068 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.804445982 CEST44349732184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.868149042 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.868197918 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:05.868479013 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.869873047 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:05.869889975 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:06.136581898 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.136842966 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:06.137352943 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:06.137352943 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.137363911 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:06.137382030 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.138396978 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:06.138446093 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.138487101 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:06.138643980 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.164685011 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:06.164685965 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.164752007 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:06.164787054 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.165013075 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:06.165013075 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.165025949 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:06.169053078 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.169537067 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.169572115 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.172943115 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.173053026 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.173904896 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.173980951 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.174083948 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.212506056 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.220511913 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.246336937 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.246355057 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.246412039 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.246432066 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.266695976 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:06.266848087 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:06.267575979 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.267672062 CEST49735443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:06.267672062 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.267683983 CEST44349735172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:06.271143913 CEST49734443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.271151066 CEST44349734162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.286206007 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.286540031 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.286919117 CEST49736443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:06.286933899 CEST44349736162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:06.522475004 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:06.523845911 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:06.700114965 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:06.700131893 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:06.701101065 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:06.741852999 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:07.080441952 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:07.120503902 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:07.267894983 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:07.267995119 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:07.268042088 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:07.329194069 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:07.329215050 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:07.329225063 CEST49742443192.168.2.5184.28.90.27
                              Aug 19, 2024 06:04:07.329230070 CEST44349742184.28.90.27192.168.2.5
                              Aug 19, 2024 06:04:07.491940975 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.492024899 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.492096901 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.492207050 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.492270947 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.492350101 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.492527962 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.492562056 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.492659092 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.492691040 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.769382000 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:07.769445896 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:07.769628048 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:07.770401955 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:07.770451069 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:07.960089922 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.961771965 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.961795092 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.962251902 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.964926004 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.966810942 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.966844082 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.967216969 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.967314959 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.967324018 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.967663050 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.967736006 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.047583103 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.056502104 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.056545973 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.056709051 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.058128119 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.058144093 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.127588987 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.333259106 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.339565039 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.339592934 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.340081930 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.340101004 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.340142012 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.340152025 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.340181112 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.340198040 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.340838909 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.345457077 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.345521927 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.350514889 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.350522995 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.446549892 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.448803902 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.448853970 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.448888063 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.448930979 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.448941946 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.448982000 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.449548006 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.449629068 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.449656010 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.449678898 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.449706078 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.449716091 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.449728966 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.450644016 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.450706005 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.450711966 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.450803995 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.450922012 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.450928926 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.451196909 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.451248884 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.451255083 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.453584909 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.453701019 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.453707933 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.491003990 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.491055012 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.491221905 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.491399050 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.491414070 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.515407085 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.515440941 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.515561104 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.516196966 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.516208887 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.538424015 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.538490057 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.538518906 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.538602114 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.538666010 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.538672924 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.538773060 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.538825989 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.538831949 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.538923979 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.538971901 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.538979053 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.539340973 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.539405107 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.539499044 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.539551973 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.539558887 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.539603949 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.539609909 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.539906979 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.539958000 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.539963007 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540086031 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540132046 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.540138006 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540224075 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540278912 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.540285110 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540369034 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540416956 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.540422916 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540548086 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540570021 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.540600061 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.540637970 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.540643930 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540852070 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.540905952 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.540910959 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541002989 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541086912 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541136026 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.541141987 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541182041 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.541187048 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541280985 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541335106 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.541340113 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541346073 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.541409016 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.541779041 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.541826963 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.541832924 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.542346954 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.542399883 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.544159889 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.544302940 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.544394970 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.544414043 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.583849907 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.583965063 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.583985090 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.627860069 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.627923012 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.627943993 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628029108 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628113031 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628133059 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.628140926 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628211975 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.628216982 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628314018 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628391027 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.628396988 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628475904 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628560066 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.628566027 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628660917 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628760099 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628812075 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.628818035 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628859043 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.628865004 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.628962040 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629019022 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.629024029 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629101992 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629184008 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629231930 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.629237890 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629291058 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.629302979 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629415989 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629467010 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.629472017 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629570007 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629661083 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629693985 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.629699945 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629740000 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.629745007 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629869938 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.629916906 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.629923105 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630013943 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630060911 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.630067110 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630155087 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630199909 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.630206108 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630556107 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630609989 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.630615950 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630722046 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630803108 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630848885 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.630855083 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.630896091 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.630899906 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.631011963 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.631058931 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.631064892 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.631151915 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.631269932 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.631275892 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.631455898 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.631504059 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.631510019 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.637928009 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.672461033 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.672530890 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.672580004 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.672584057 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.672612906 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.672631025 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.672682047 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.672789097 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.672835112 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.683351994 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.683489084 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.683552980 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.683585882 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.683634043 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.683737993 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.683792114 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.683842897 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.683897018 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.683944941 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.683996916 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.684448004 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.684514999 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.684540033 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.684590101 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.685007095 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.685069084 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.687999964 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.688234091 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.699853897 CEST49746443192.168.2.5142.251.40.225
                              Aug 19, 2024 06:04:08.699875116 CEST44349746142.251.40.225192.168.2.5
                              Aug 19, 2024 06:04:08.772840977 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.772948980 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.772974968 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773005009 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773097038 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773154020 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773176908 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773194075 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773228884 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773237944 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773282051 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773283005 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773308992 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773396015 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773446083 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773453951 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773483038 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773499012 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773507118 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773542881 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773586035 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773736954 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773818970 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773871899 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773880005 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.773921013 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.773926973 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.774210930 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.776366949 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.776434898 CEST49747443192.168.2.5142.251.40.238
                              Aug 19, 2024 06:04:08.776452065 CEST44349747142.251.40.238192.168.2.5
                              Aug 19, 2024 06:04:08.909979105 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:08.910068035 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:08.910455942 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:08.910815001 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:08.910850048 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:08.970009089 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.970288038 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.970308065 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.970818043 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.970879078 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.971817970 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.971961021 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.973071098 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.973150969 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.973346949 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.973356962 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.990130901 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.990362883 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.990374088 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.990884066 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.990961075 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.991879940 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.991976976 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.992685080 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.992763042 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:08.993078947 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:08.993097067 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.040038109 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.087167978 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.087270975 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.087580919 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.106486082 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.106602907 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.117122889 CEST49749443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.117144108 CEST44349749142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.119605064 CEST49750443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.119612932 CEST44349750142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.489001989 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.547013044 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.645536900 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.645576954 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.647216082 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.647262096 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.647377014 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.647413969 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.648052931 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:09.648078918 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:09.648591042 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.648593903 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.648705959 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:09.648781061 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:09.648787975 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:09.649136066 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.649147987 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.649266005 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.649283886 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.649493933 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.649529934 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.649722099 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.650711060 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.650882959 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.650893927 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.669842005 CEST49755443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:09.669878960 CEST4434975535.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:09.673850060 CEST49755443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:09.692534924 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.721153975 CEST49755443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:09.721188068 CEST4434975535.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:09.741120100 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.741148949 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.754080057 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.754111052 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.754128933 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.754184961 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.754352093 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:09.756412029 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.761436939 CEST49751443192.168.2.5152.195.19.97
                              Aug 19, 2024 06:04:09.761473894 CEST44349751152.195.19.97192.168.2.5
                              Aug 19, 2024 06:04:10.131436110 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.147186995 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.154292107 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.165730000 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.165744066 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.166192055 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.166218042 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.166722059 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.167207003 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:10.167205095 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.167224884 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.167303085 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.167306900 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.167479992 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.167536020 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.168951988 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.169292927 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:10.169802904 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.170247078 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.170852900 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.171039104 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.171120882 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.171189070 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.172380924 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:10.172497988 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.172555923 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:10.200608969 CEST4434975535.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:10.202223063 CEST49755443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:10.220506907 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.230314970 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.230330944 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.230359077 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:10.230367899 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.242373943 CEST49755443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:10.242387056 CEST4434975535.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:10.242641926 CEST49755443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:10.242902994 CEST4434975535.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:10.245384932 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.245393038 CEST49755443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:10.245402098 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.256684065 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:10.261641026 CEST804975634.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:10.262300014 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:10.262619972 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:10.267559052 CEST804975634.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:10.275335073 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.275439024 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.275527954 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.275656939 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.275835991 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.276340008 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:10.278729916 CEST49754443192.168.2.5142.250.81.228
                              Aug 19, 2024 06:04:10.278744936 CEST44349754142.250.81.228192.168.2.5
                              Aug 19, 2024 06:04:10.341969013 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.434379101 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:10.737289906 CEST804975634.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:10.933181047 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:11.650110006 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:11.650151968 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:11.653665066 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:11.653947115 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:11.653964996 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.312206030 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.312428951 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.312443972 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.313473940 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.313575029 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.314605951 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.314676046 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.314898014 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.314913988 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.385288954 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:12.390124083 CEST804976534.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:12.390330076 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:12.390511990 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:12.396382093 CEST804976534.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:12.416567087 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.416588068 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.416966915 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.416987896 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.417032957 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.420285940 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.504817963 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.504826069 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.504868031 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.504880905 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.504901886 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.504910946 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.505194902 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.507293940 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.507302046 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.507339954 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.507364988 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.508052111 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.508059025 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.508121014 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.594257116 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.594265938 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.594304085 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.594481945 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.594508886 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.594517946 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.594558001 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.594575882 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.594634056 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.595652103 CEST49764443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.595670938 CEST4434976413.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.644711971 CEST49767443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.644746065 CEST4434976713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.645487070 CEST49767443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.646024942 CEST49767443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.646038055 CEST4434976713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.727466106 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:12.727509975 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:12.727581978 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:12.728579044 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:12.728591919 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:12.853684902 CEST804976534.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:12.913203955 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:12.913209915 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:12.913307905 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:12.913333893 CEST49767443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.913333893 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:12.913347006 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:12.913363934 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:12.913482904 CEST44349752142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:12.913490057 CEST44349753142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:12.913769007 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.913801908 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.913806915 CEST44349744162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:12.913892031 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:12.913897038 CEST44349745162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:12.913909912 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:12.913935900 CEST49752443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:12.914010048 CEST49753443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:12.914103985 CEST49744443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:12.914141893 CEST49745443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:12.914189100 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.914360046 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:12.914372921 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:12.960509062 CEST4434976713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.036670923 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:13.328078032 CEST4434976713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.328502893 CEST4434976713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.328876019 CEST49767443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.328902006 CEST49767443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.340554953 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.340598106 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.340872049 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.340902090 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.344486952 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.344487906 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.344650030 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.344662905 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.344815016 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.344834089 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.436414003 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:13.436553001 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:13.439055920 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:13.439068079 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:13.439402103 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:13.510929108 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:13.549429893 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:13.549458027 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:13.549529076 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:13.549755096 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:13.549766064 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:13.564840078 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.565113068 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.565124989 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.565612078 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.569077969 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.569186926 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.569261074 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.616493940 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.645293951 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.669770956 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.669790983 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.669941902 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.669971943 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.669981956 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.670013905 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.670037031 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.670047998 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.670058966 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.670066118 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.670070887 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.670267105 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.670278072 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.670461893 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.757607937 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.757621050 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.757657051 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.758173943 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.758182049 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.758932114 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.758961916 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.759030104 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.759037018 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.760171890 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.808864117 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.809556007 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.809643030 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.809981108 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.811387062 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.811459064 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.831870079 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.837960958 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.837984085 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.838351011 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.845524073 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.845583916 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.846718073 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.846784115 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.847456932 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.847501993 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.847939014 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.847949028 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.848463058 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.848463058 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.848470926 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.848506927 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.848619938 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.848670959 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.848721981 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.849235058 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.849281073 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.849688053 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.849694967 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.853148937 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.924396038 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.934091091 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.934129953 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.934159994 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.934178114 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.934345961 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.934639931 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.934663057 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.935050011 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.935056925 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.935101032 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.935269117 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.935290098 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.935722113 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.935730934 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.935821056 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.936095953 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.936115026 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.936508894 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.936508894 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.936517000 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.937041998 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.937067032 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.937170029 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.937189102 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.937225103 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.937232018 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.937375069 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.937376022 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.938889980 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.938913107 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.938982964 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.938988924 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:13.939074039 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:13.948183060 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:14.018122911 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.018146992 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.018208027 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.018218994 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.018382072 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.022665977 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.022682905 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.023083925 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.023149014 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.023257971 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.023272038 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.023361921 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.023437977 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.025635004 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.027805090 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.027873039 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.027889013 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.027966976 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.029658079 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:14.032022953 CEST49771443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.032037973 CEST4434977113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.072514057 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.196377993 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.204135895 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.204169035 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.205576897 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.205882072 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.208064079 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.209084988 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.210320950 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.210501909 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.210624933 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.252542973 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.257849932 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.257889032 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.257900000 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.257922888 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.257934093 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.257944107 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.268191099 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:14.268239021 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.268256903 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.268507957 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:14.313081026 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.313100100 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.315290928 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.330391884 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.330420017 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.330873013 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.340651035 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.340837002 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.341315985 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.341372013 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.341506004 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.341561079 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.341665030 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.341675043 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.341856003 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.341864109 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.342035055 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342052937 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.342215061 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342319012 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342427015 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342432022 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342637062 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342653036 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.342720032 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342747927 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.342823982 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342832088 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.342895985 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.342900991 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.343069077 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.343090057 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.343211889 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.343230963 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.388514042 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.422312975 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.422400951 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.446101904 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.446134090 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.446144104 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.446172953 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.446182966 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.446194887 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.446264982 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.446286917 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.446671963 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.510751963 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.510797024 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.510821104 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.510932922 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.510952950 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.515625954 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.516752005 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.516763926 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.521884918 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.521996975 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.522315979 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.522324085 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.522412062 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.528213024 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.528266907 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.529900074 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.529917002 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.529937983 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.529973030 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.531229019 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.531250954 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.531745911 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.533947945 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.533961058 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.533998013 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.534027100 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.534043074 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.534115076 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.534730911 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.534754992 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.535388947 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.535402060 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.536217928 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.599617004 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.599744081 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.599824905 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.603642941 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.603672981 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.605448008 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.605551004 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.605902910 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.605914116 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.606132984 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.611810923 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.611922026 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.616867065 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.616894007 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.616966963 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.617012024 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.617114067 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.617129087 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.617300034 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.617346048 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.617434025 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.617535114 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.617997885 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.618058920 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.618333101 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.618333101 CEST49782443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.618347883 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.618366957 CEST4434978213.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.618664026 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.618748903 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.618957996 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.619782925 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:14.619820118 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:14.624418020 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.624525070 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.624535084 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.630798101 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.630870104 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.630877018 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.631063938 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.631145000 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.631300926 CEST44349780142.250.184.206192.168.2.5
                              Aug 19, 2024 06:04:14.631314993 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.631758928 CEST49780443192.168.2.5142.250.184.206
                              Aug 19, 2024 06:04:14.650294065 CEST49703443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:14.650384903 CEST49703443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:14.650692940 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:14.650718927 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:14.650824070 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:14.651417971 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:14.651459932 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:14.655220985 CEST4434970323.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:14.655255079 CEST4434970323.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:14.815505981 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:14.815527916 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.815540075 CEST49770443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:14.815546036 CEST4434977013.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:14.997910023 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.002093077 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.002146959 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.003921986 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.004151106 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.004380941 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.004939079 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.005249977 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.005276918 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.005356073 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.005388975 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.005672932 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.005768061 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.005822897 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.006722927 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.006783962 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.006798029 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.006859064 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.007106066 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.007180929 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.007375002 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.007456064 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.007508039 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.007563114 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.022550106 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.023670912 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.023679972 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.024122953 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.032907963 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.033317089 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.033401012 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.033440113 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.039674044 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.039681911 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.041143894 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.041205883 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.041532040 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.041611910 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.041651011 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.048542023 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.052505016 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.052505970 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.080503941 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.084528923 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.104979038 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.105061054 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.105073929 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.105436087 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.105487108 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.105966091 CEST49791443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.105983019 CEST4434979113.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.106285095 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.106318951 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.107033968 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.107389927 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.107412100 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.109843969 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.109920979 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.109921932 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.109977961 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.111787081 CEST49788443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.111805916 CEST4434978813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.112067938 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.112077951 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.112381935 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.116955996 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.116969109 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.116996050 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.117140055 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.118956089 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.121449947 CEST49787443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.121463060 CEST4434978713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.136347055 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.136462927 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.137600899 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.138391972 CEST49789443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.138398886 CEST4434978913.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.142651081 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.142658949 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.147093058 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.147156000 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.153446913 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.154347897 CEST49790443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.154360056 CEST4434979013.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.261424065 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.263463020 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.263479948 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.264925003 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.265773058 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:15.267883062 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.267883062 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:15.268384933 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.268466949 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.268765926 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.268774986 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.296432018 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:15.296447039 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:15.297522068 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:15.300240993 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:15.308725119 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:15.308800936 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:15.308882952 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:15.308891058 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:15.332048893 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.364731073 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.364761114 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.364876986 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.365036964 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.366866112 CEST49793443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.366879940 CEST4434979313.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.532607079 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:15.532661915 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:15.533350945 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:15.746407032 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.749957085 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.755243063 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.755263090 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.755362034 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.755371094 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.755620003 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.755698919 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.769329071 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.769395113 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.769606113 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.769685030 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.769743919 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.769783020 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.796441078 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:15.796466112 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:15.796545982 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:15.796756029 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:15.796770096 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:15.812495947 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.812503099 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.831530094 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.846641064 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.865705013 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.866435051 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.866616964 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.867022038 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.867042065 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.867137909 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.867739916 CEST49798443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.867753983 CEST4434979813.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.869091034 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.871263027 CEST49797443192.168.2.513.107.246.40
                              Aug 19, 2024 06:04:15.871269941 CEST4434979713.107.246.40192.168.2.5
                              Aug 19, 2024 06:04:15.938340902 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:15.938380957 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:15.942409039 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:15.943340063 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:15.943356991 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.151983976 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:16.152035952 CEST4434979423.1.237.91192.168.2.5
                              Aug 19, 2024 06:04:16.152085066 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:16.152280092 CEST49794443192.168.2.523.1.237.91
                              Aug 19, 2024 06:04:16.437498093 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.437730074 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.437743902 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.438255072 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.438318968 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.439268112 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.441953897 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.443062067 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.443154097 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.443264961 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.443272114 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.535813093 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.582993031 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.583182096 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.583201885 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.583559036 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.583617926 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.584247112 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.584300995 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.584446907 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.584517956 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.584595919 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.584603071 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.636151075 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.714585066 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.714710951 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.714762926 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.715056896 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.715068102 CEST44349801172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.715080023 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.716095924 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.716135979 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.716383934 CEST49801443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.716417074 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.716620922 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.716650009 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.860635996 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.860703945 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.860977888 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.860990047 CEST44349805172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.861406088 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.861430883 CEST49805443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.861738920 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.861774921 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:16.862293959 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.862479925 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:16.862497091 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.357664108 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.358586073 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.358597040 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.359098911 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.360102892 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.364505053 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.370054007 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.370939016 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.371023893 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.371161938 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.371176958 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.371193886 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.439018965 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.439027071 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.527396917 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.527601004 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.527631998 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.528879881 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.528949022 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.531061888 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.531172991 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.531341076 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.531428099 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.531532049 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.531548977 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.531564951 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.566776037 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.566962004 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.567619085 CEST49811443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.567631006 CEST44349811172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.645513058 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.645536900 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.662472963 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:17.662569046 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:17.662697077 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:17.662883997 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:17.662919044 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:17.731242895 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:17.731314898 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.732098103 CEST49812443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:17.732122898 CEST44349812172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:18.310348988 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.310628891 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.310652018 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.312087059 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.312150955 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.313036919 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.313116074 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.313214064 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.356542110 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.441788912 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.441849947 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.542072058 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.585170031 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.585294008 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.585393906 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.585463047 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.585494041 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.585655928 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.585751057 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.585763931 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.585833073 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:18.585875034 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.585927963 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.586741924 CEST49813443192.168.2.5172.217.18.4
                              Aug 19, 2024 06:04:18.586775064 CEST44349813172.217.18.4192.168.2.5
                              Aug 19, 2024 06:04:20.743570089 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:20.748420000 CEST804975634.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:22.866524935 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:22.876087904 CEST804976534.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:23.337222099 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:23.337268114 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:23.337845087 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:23.338120937 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:23.338146925 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:23.979129076 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:23.979676962 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:23.979706049 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:23.980020046 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:23.980662107 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:23.980721951 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:23.980868101 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:23.980887890 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:23.980897903 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:24.026331902 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:24.203042030 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:24.203150034 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:24.203294992 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:24.204282045 CEST49815443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:24.204308033 CEST44349815172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:28.718122959 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:28.718216896 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:28.718354940 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:28.735023975 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:28.735105991 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:28.738415003 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:30.757091999 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:30.762022018 CEST804975634.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:32.879054070 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:32.883857012 CEST804976534.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:36.298515081 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:36.298557043 CEST4434981934.149.100.209192.168.2.5
                              Aug 19, 2024 06:04:36.299395084 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.299401999 CEST4434982035.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:36.299681902 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:36.299814939 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.299814939 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:36.299833059 CEST4434981934.149.100.209192.168.2.5
                              Aug 19, 2024 06:04:36.300019026 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.300029993 CEST4434982035.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:36.333421946 CEST49821443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:36.333431005 CEST4434982135.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:36.333647013 CEST49821443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:36.335683107 CEST49821443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:36.335692883 CEST4434982135.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:36.769427061 CEST4434982035.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:36.772128105 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.785450935 CEST4434981934.149.100.209192.168.2.5
                              Aug 19, 2024 06:04:36.787719011 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:36.793083906 CEST4434982135.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:36.793158054 CEST49821443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:36.931236982 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.931257963 CEST4434982035.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:36.931579113 CEST4434982035.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:36.935769081 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:36.935784101 CEST4434981934.149.100.209192.168.2.5
                              Aug 19, 2024 06:04:36.936796904 CEST4434981934.149.100.209192.168.2.5
                              Aug 19, 2024 06:04:36.941051006 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.941178083 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.941267967 CEST4434982035.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:36.943140984 CEST49820443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:36.946317911 CEST49821443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:36.946331024 CEST4434982135.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:36.946413994 CEST49821443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:36.946799994 CEST4434982135.190.72.216192.168.2.5
                              Aug 19, 2024 06:04:36.949312925 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:36.949403048 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:36.949562073 CEST49821443192.168.2.535.190.72.216
                              Aug 19, 2024 06:04:36.949791908 CEST4434981934.149.100.209192.168.2.5
                              Aug 19, 2024 06:04:36.950467110 CEST49819443192.168.2.534.149.100.209
                              Aug 19, 2024 06:04:37.098010063 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.098046064 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.103458881 CEST804976534.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.103497028 CEST804975634.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.104104042 CEST4976580192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.104127884 CEST4975680192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.105209112 CEST49822443192.168.2.552.222.236.48
                              Aug 19, 2024 06:04:37.105230093 CEST4434982252.222.236.48192.168.2.5
                              Aug 19, 2024 06:04:37.106065035 CEST49822443192.168.2.552.222.236.48
                              Aug 19, 2024 06:04:37.106213093 CEST49822443192.168.2.552.222.236.48
                              Aug 19, 2024 06:04:37.106220007 CEST4434982252.222.236.48192.168.2.5
                              Aug 19, 2024 06:04:37.111351967 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.116144896 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.116349936 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.116540909 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.121336937 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.593224049 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.598611116 CEST4982480192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.606760979 CEST804982434.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.607008934 CEST4982480192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.607259989 CEST4982480192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.612051964 CEST804982434.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.645576000 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.847141027 CEST4434982252.222.236.48192.168.2.5
                              Aug 19, 2024 06:04:37.847229958 CEST49822443192.168.2.552.222.236.48
                              Aug 19, 2024 06:04:37.851361990 CEST49822443192.168.2.552.222.236.48
                              Aug 19, 2024 06:04:37.851371050 CEST4434982252.222.236.48192.168.2.5
                              Aug 19, 2024 06:04:37.851758003 CEST4434982252.222.236.48192.168.2.5
                              Aug 19, 2024 06:04:37.854371071 CEST49822443192.168.2.552.222.236.48
                              Aug 19, 2024 06:04:37.854552031 CEST49822443192.168.2.552.222.236.48
                              Aug 19, 2024 06:04:37.868788958 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.868830919 CEST4434982535.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:37.877509117 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.877698898 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.877713919 CEST4434982535.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:37.878659010 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.878665924 CEST4434982635.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:37.884155035 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.884768963 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.884921074 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.884932041 CEST4434982635.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:37.888978004 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.896078110 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.896111012 CEST4434982735.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:37.896234035 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.896395922 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:37.896409035 CEST4434982735.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:37.984580040 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.985294104 CEST4982480192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.988503933 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.990679979 CEST804982434.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.991015911 CEST4982480192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.993258953 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:37.993335009 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.993496895 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:37.998224974 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:38.031163931 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:38.349956036 CEST4434982635.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.352530003 CEST4434982735.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.353075027 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.353075027 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.357425928 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.357434034 CEST4434982635.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.357686996 CEST4434982635.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.360924959 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.360932112 CEST4434982735.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.361251116 CEST4434982735.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.365642071 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.365757942 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.365787983 CEST4434982635.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.367378950 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.367470026 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.367556095 CEST4434982735.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.367806911 CEST4434982535.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.367841959 CEST4434982535.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.370542049 CEST49826443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.370558977 CEST49827443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.370611906 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.374557972 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.374569893 CEST4434982535.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.374864101 CEST4434982535.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.378304005 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.378415108 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.378479004 CEST4434982535.244.181.201192.168.2.5
                              Aug 19, 2024 06:04:38.378634930 CEST49825443192.168.2.535.244.181.201
                              Aug 19, 2024 06:04:38.381361008 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:38.386116028 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:38.479464054 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:38.481873989 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:38.484906912 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:38.489692926 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:38.532682896 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:38.589617968 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:38.632951021 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:46.346950054 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:46.347033024 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:46.347656965 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:46.348006964 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:46.348040104 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:46.991626978 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:46.991955042 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:46.991998911 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:46.992508888 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:46.992996931 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:46.993088007 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:46.993216038 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:46.993249893 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:46.993261099 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:47.038230896 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:47.183619022 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:47.183870077 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:47.184606075 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:47.184606075 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:47.470731974 CEST49830443192.168.2.5172.217.16.206
                              Aug 19, 2024 06:04:47.470766068 CEST44349830172.217.16.206192.168.2.5
                              Aug 19, 2024 06:04:48.489837885 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:48.494797945 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:48.589968920 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:48.594923973 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:51.488739014 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:51.488779068 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:51.488845110 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:51.489181042 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:51.489192009 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.195827961 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.195947886 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.199414015 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.199419975 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.199811935 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.207674980 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.252496958 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.466718912 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.466809034 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.466851950 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.467087030 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.467101097 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.467180014 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.467478037 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.467520952 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.468230009 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.469512939 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.469556093 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.470889091 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.470909119 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:52.470920086 CEST49831443192.168.2.513.85.23.86
                              Aug 19, 2024 06:04:52.470926046 CEST4434983113.85.23.86192.168.2.5
                              Aug 19, 2024 06:04:58.504937887 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:58.509735107 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:58.597086906 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:04:58.602097988 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:04:59.927560091 CEST49775443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:59.927587986 CEST44349775172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:59.927607059 CEST49776443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:59.927630901 CEST44349776172.64.41.3192.168.2.5
                              Aug 19, 2024 06:05:03.939636946 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:03.939692974 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:03.939934015 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:03.940655947 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:03.940675020 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.142580032 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.142658949 CEST4434983534.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.142812014 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.142961979 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.143011093 CEST4434983534.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.278274059 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.278381109 CEST4434983634.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.278803110 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.279040098 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.279073954 CEST4434983634.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.432622910 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.433052063 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:04.433069944 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.434174061 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.435959101 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:04.436146975 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.436166048 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:04.480510950 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.488106012 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:04.582824945 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.582882881 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.583565950 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.586848974 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:04.587259054 CEST49834443192.168.2.523.219.161.132
                              Aug 19, 2024 06:05:04.587294102 CEST4434983423.219.161.132192.168.2.5
                              Aug 19, 2024 06:05:04.614938974 CEST4434983534.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.615402937 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.619816065 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.619853973 CEST4434983534.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.620249033 CEST4434983534.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.624037981 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.624131918 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.624233961 CEST4434983534.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.624330997 CEST49835443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.767163992 CEST4434983634.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.767258883 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.771450043 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.771472931 CEST4434983634.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.772234917 CEST4434983634.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.774705887 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.774807930 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.775085926 CEST4434983634.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:04.775183916 CEST49836443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:04.808614016 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:04.813426971 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:04.908817053 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:04.957354069 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.086236954 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.086292982 CEST4434983734.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.088969946 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.089101076 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.089126110 CEST4434983734.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.170960903 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.173916101 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.173953056 CEST4434983834.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.174087048 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.174259901 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.174283981 CEST4434983834.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.175818920 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.242017031 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.242089033 CEST4434983934.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.242659092 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.242822886 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.242855072 CEST4434983934.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.273317099 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.327290058 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.571171045 CEST4434983734.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.571297884 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.574598074 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.574615002 CEST4434983734.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.574990034 CEST4434983734.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.577200890 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.577334881 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.577383995 CEST4434983734.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.577696085 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.577723980 CEST49837443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.615380049 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.620233059 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.659466028 CEST4434983834.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.660861015 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.663969994 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.663984060 CEST4434983834.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.664320946 CEST4434983834.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.667989016 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.668087006 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.668183088 CEST4434983834.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.668253899 CEST49838443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.709615946 CEST4434983934.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.709707022 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.713172913 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.713193893 CEST4434983934.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.713570118 CEST4434983934.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.716010094 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.716761112 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.716866016 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.716969967 CEST4434983934.120.208.123192.168.2.5
                              Aug 19, 2024 06:05:05.717036963 CEST49839443192.168.2.534.120.208.123
                              Aug 19, 2024 06:05:05.759742975 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.816127062 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.816868067 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.820924044 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.821643114 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.916655064 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.921547890 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:05.960505962 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:05.976042986 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:06.008668900 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:06.013776064 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:06.111363888 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:06.155122042 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:15.930277109 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:15.935226917 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:16.117841005 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:16.122762918 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:25.942095995 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:25.946943045 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:26.130140066 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:26.134975910 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:35.959640026 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:35.964487076 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:36.137582064 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:36.142417908 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:45.965538979 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:45.970537901 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:46.150479078 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:46.155445099 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:55.974872112 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:55.979876995 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:05:56.163295031 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:05:56.169862032 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.119936943 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.126286030 CEST804982334.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.129132032 CEST4982380192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.140085936 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.140108109 CEST4434984535.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.140568018 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.140681982 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.140693903 CEST4434984535.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.142910004 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.147722006 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.157433033 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.163065910 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.167871952 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.193444967 CEST49847443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.193464994 CEST4434984734.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.193845034 CEST49847443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.195341110 CEST49847443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.195352077 CEST4434984734.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.196739912 CEST49848443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.196747065 CEST4434984834.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.197525024 CEST49848443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.198894978 CEST49848443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.198904037 CEST4434984834.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.244641066 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.244667053 CEST4434984934.160.144.191192.168.2.5
                              Aug 19, 2024 06:06:02.246954918 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.247111082 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.247121096 CEST4434984934.160.144.191192.168.2.5
                              Aug 19, 2024 06:06:02.322473049 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.322519064 CEST4434985135.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.324630022 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.324825048 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.324853897 CEST4434985135.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.444514990 CEST49852443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.444525003 CEST4434985234.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:02.445852995 CEST49852443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.447441101 CEST49852443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.447451115 CEST4434985234.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:02.486629963 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.486707926 CEST4434985334.149.100.209192.168.2.5
                              Aug 19, 2024 06:06:02.489624023 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.491070986 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.491106987 CEST4434985334.149.100.209192.168.2.5
                              Aug 19, 2024 06:06:02.591831923 CEST49854443192.168.2.534.107.243.93
                              Aug 19, 2024 06:06:02.591880083 CEST4434985434.107.243.93192.168.2.5
                              Aug 19, 2024 06:06:02.606048107 CEST49854443192.168.2.534.107.243.93
                              Aug 19, 2024 06:06:02.610568047 CEST49854443192.168.2.534.107.243.93
                              Aug 19, 2024 06:06:02.610579967 CEST4434985434.107.243.93192.168.2.5
                              Aug 19, 2024 06:06:02.612945080 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.620373964 CEST4434984535.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.621174097 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.624306917 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.624325037 CEST4434984535.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.624664068 CEST4434984535.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.663090944 CEST4434984734.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.667037010 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.667062998 CEST49847443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.667095900 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.684679031 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.684757948 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.685077906 CEST4434984535.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.687707901 CEST49847443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.687720060 CEST4434984734.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.687819958 CEST49847443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.687911987 CEST4434984734.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.688766003 CEST49845443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.688788891 CEST49847443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.707165003 CEST4434984834.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.712094069 CEST49848443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.713862896 CEST4434984934.160.144.191192.168.2.5
                              Aug 19, 2024 06:06:02.716727018 CEST49848443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.716736078 CEST4434984834.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.716826916 CEST49848443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.716960907 CEST4434984834.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.722337008 CEST49848443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.722700119 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.725264072 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.725270033 CEST4434984934.160.144.191192.168.2.5
                              Aug 19, 2024 06:06:02.725461006 CEST4434984934.160.144.191192.168.2.5
                              Aug 19, 2024 06:06:02.727888107 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.727961063 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.728010893 CEST4434984934.160.144.191192.168.2.5
                              Aug 19, 2024 06:06:02.728111029 CEST49849443192.168.2.534.160.144.191
                              Aug 19, 2024 06:06:02.741640091 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.746501923 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.787929058 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.788459063 CEST4985580192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.793174028 CEST804982834.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.793288946 CEST804985534.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.793560982 CEST49856443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.793605089 CEST4434985634.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.804039955 CEST4982880192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.804086924 CEST49856443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.804095984 CEST4985580192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.804313898 CEST4985580192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.805797100 CEST49856443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:02.805813074 CEST4434985634.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:02.809063911 CEST804985534.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.811947107 CEST4434985135.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.819034100 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.821794987 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.821826935 CEST4434985135.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.822033882 CEST4434985135.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.824016094 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.824096918 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.824161053 CEST4434985135.244.181.201192.168.2.5
                              Aug 19, 2024 06:06:02.828074932 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.828159094 CEST49851443192.168.2.535.244.181.201
                              Aug 19, 2024 06:06:02.838187933 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.840102911 CEST4985580192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.843076944 CEST4985780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.847865105 CEST804985734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.850064993 CEST4985780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.850438118 CEST4985780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.855261087 CEST804985734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.866218090 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.871069908 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.890726089 CEST804985534.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.908308983 CEST4434985234.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:02.909002066 CEST49852443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.920085907 CEST49852443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.920094013 CEST4434985234.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:02.920183897 CEST49852443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.920279980 CEST4434985234.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:02.920897007 CEST49852443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.943581104 CEST49858443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.943607092 CEST4434985834.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:02.943957090 CEST49858443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.945336103 CEST49858443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:02.945350885 CEST4434985834.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:02.955284119 CEST4434985334.149.100.209192.168.2.5
                              Aug 19, 2024 06:06:02.962802887 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.964502096 CEST4434985334.149.100.209192.168.2.5
                              Aug 19, 2024 06:06:02.965792894 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.965792894 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.970119953 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.970136881 CEST4434985334.149.100.209192.168.2.5
                              Aug 19, 2024 06:06:02.970186949 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.970278978 CEST4434985334.149.100.209192.168.2.5
                              Aug 19, 2024 06:06:02.970766068 CEST49853443192.168.2.534.149.100.209
                              Aug 19, 2024 06:06:02.974864006 CEST4985780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.980688095 CEST4985980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.985724926 CEST804985934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.987036943 CEST4985980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.987411022 CEST4985980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:02.992161036 CEST804985934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:02.998636007 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.003436089 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.016922951 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.016956091 CEST4434986034.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.017566919 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.017713070 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.017726898 CEST4434986034.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.020347118 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.020384073 CEST4434986134.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.020505905 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.020621061 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.020632029 CEST4434986134.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.022759914 CEST804985734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.095398903 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.107072115 CEST4434985434.107.243.93192.168.2.5
                              Aug 19, 2024 06:06:03.107083082 CEST4434985434.107.243.93192.168.2.5
                              Aug 19, 2024 06:06:03.108100891 CEST49854443192.168.2.534.107.243.93
                              Aug 19, 2024 06:06:03.110085011 CEST4985980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.111809969 CEST49854443192.168.2.534.107.243.93
                              Aug 19, 2024 06:06:03.111815929 CEST4434985434.107.243.93192.168.2.5
                              Aug 19, 2024 06:06:03.111871958 CEST49854443192.168.2.534.107.243.93
                              Aug 19, 2024 06:06:03.111978054 CEST4434985434.107.243.93192.168.2.5
                              Aug 19, 2024 06:06:03.113110065 CEST49854443192.168.2.534.107.243.93
                              Aug 19, 2024 06:06:03.114161968 CEST4986280192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.117063999 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.118917942 CEST804986234.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.121855021 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.123042107 CEST4986280192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.123311043 CEST4986280192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.128062963 CEST804986234.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.162713051 CEST804985934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.205312967 CEST804985534.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.205475092 CEST4985580192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.212742090 CEST804985734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.213965893 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.214910984 CEST4985780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.215679884 CEST4986280192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.218523979 CEST4986380192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.223316908 CEST804986334.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.223393917 CEST4986380192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.223522902 CEST4986380192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.228283882 CEST804986334.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.260016918 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.266833067 CEST804986234.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.291014910 CEST4434985634.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.291030884 CEST4434985634.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.292634010 CEST49856443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.297292948 CEST49856443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.297298908 CEST4434985634.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.297413111 CEST49856443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.297555923 CEST4434985634.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.297946930 CEST49864443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.297979116 CEST4434986434.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.306931019 CEST49856443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.307014942 CEST49864443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.308413029 CEST49864443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.308429003 CEST4434986434.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.352730036 CEST804985934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.353029013 CEST4985980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.409883022 CEST4434985834.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.409955025 CEST49858443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.413306952 CEST49858443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.413314104 CEST4434985834.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.413417101 CEST49858443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.413436890 CEST4434985834.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.415826082 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.416038990 CEST49858443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.420676947 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.428184032 CEST49865443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.428210974 CEST4434986534.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.428535938 CEST49865443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.429958105 CEST49865443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.429971933 CEST4434986534.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.475382090 CEST4434986034.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.475485086 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.479332924 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.479342937 CEST4434986034.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.479540110 CEST4434986034.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.481570005 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.481693029 CEST4434986034.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.481760979 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.486612082 CEST804986234.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.490053892 CEST49860443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.490075111 CEST4986280192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.512586117 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.512701035 CEST4434986134.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.520522118 CEST4434986134.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.522439957 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.522439957 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.526141882 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.526148081 CEST4434986134.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.526222944 CEST4986380192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.526998997 CEST4434986134.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.529028893 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.529124022 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.529257059 CEST49861443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.531769037 CEST4986680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.535882950 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.536711931 CEST804986634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.537029028 CEST4986680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.537201881 CEST4986680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.540743113 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.541959047 CEST804986634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.574737072 CEST804986334.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.594244957 CEST804986334.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.597026110 CEST4986380192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.632539988 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.633512020 CEST4986680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.638236046 CEST4986780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.643141985 CEST804986734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.644038916 CEST4986780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.644210100 CEST4986780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.648947954 CEST804986734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.675137043 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.678761005 CEST804986634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.779484034 CEST4434986434.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.779520988 CEST4434986434.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.779557943 CEST49864443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.783967018 CEST49864443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.783981085 CEST4434986434.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.784050941 CEST49864443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.784342051 CEST4434986434.117.188.166192.168.2.5
                              Aug 19, 2024 06:06:03.790539026 CEST49864443192.168.2.534.117.188.166
                              Aug 19, 2024 06:06:03.792213917 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.796993017 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.889159918 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.905158997 CEST4986780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.907177925 CEST4986880192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.911947012 CEST804986834.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.912036896 CEST4986880192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.912151098 CEST4986880192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.912611008 CEST4434986534.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.912692070 CEST49865443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.916027069 CEST804986634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.916451931 CEST49865443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.916479111 CEST4434986534.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.916594982 CEST49865443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.916626930 CEST4434986534.120.208.123192.168.2.5
                              Aug 19, 2024 06:06:03.916904926 CEST804986834.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.918654919 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.919122934 CEST4986680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:03.919142008 CEST49865443192.168.2.534.120.208.123
                              Aug 19, 2024 06:06:03.923537970 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:03.950736046 CEST804986734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.014446974 CEST804986734.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.015567064 CEST804984634.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.018578053 CEST4986780192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:04.019128084 CEST4986880192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:04.021871090 CEST4986980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:04.026772976 CEST804986934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.026845932 CEST4986980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:04.026999950 CEST4986980192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:04.031946898 CEST804986934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.059063911 CEST4984680192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:04.070765972 CEST804986834.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.268104076 CEST804986834.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.268527031 CEST4986880192.168.2.534.107.221.82
                              Aug 19, 2024 06:06:04.661664009 CEST804986934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.694756031 CEST804986934.107.221.82192.168.2.5
                              Aug 19, 2024 06:06:04.706044912 CEST4986980192.168.2.534.107.221.82

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Aug 19, 2024 06:03:56.508064985 CEST53555341.1.1.1192.168.2.5
                              Aug 19, 2024 06:03:56.708147049 CEST53536341.1.1.1192.168.2.5
                              Aug 19, 2024 06:03:58.024970055 CEST53601781.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:00.900898933 CEST53520021.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:03.174916029 CEST5568853192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:03.175195932 CEST6517253192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:03.947668076 CEST53643291.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:04.582954884 CEST53552471.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:05.626214027 CEST53628091.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:05.651223898 CEST6385653192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:05.651506901 CEST6008953192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:05.652179003 CEST5246253192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:05.652339935 CEST5659353192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:05.659194946 CEST53638561.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:05.659411907 CEST53600891.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:05.659806967 CEST53524621.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:05.659817934 CEST53565931.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:05.685009956 CEST6129253192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:05.685209036 CEST5283353192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:05.691488028 CEST53612921.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:05.691590071 CEST53528331.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:07.188846111 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.491489887 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.658417940 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.658438921 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.658454895 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.658514977 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.658565044 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.660196066 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.663105965 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.663228035 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.663955927 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.664186954 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.763048887 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.763062000 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.763854980 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.766418934 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.766433954 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.766760111 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.768122911 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.768265963 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.768708944 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.867518902 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:07.916479111 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.950841904 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.951154947 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.951561928 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.951967955 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.996160984 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:07.996289015 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.053616047 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.053725958 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.054323912 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.054333925 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.054635048 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.054796934 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.054908037 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.055027008 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.096879959 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.097714901 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.098087072 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.107916117 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.385757923 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.386996031 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.487684011 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.488853931 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.489815950 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.490112066 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.490292072 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.786744118 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.786947966 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.837110043 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.837212086 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.887727022 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.889627934 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.908961058 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.909327030 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:08.938651085 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.939552069 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.939637899 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:08.939798117 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:09.142184019 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.203716040 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:09.203716040 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:09.304194927 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:09.304789066 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:09.305030107 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:09.537210941 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:09.619416952 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.626013994 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.626070023 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.644613981 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:09.646166086 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.646919012 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.671557903 CEST5110453192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:09.678924084 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:09.679620981 CEST53511041.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:09.686266899 CEST5408553192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:09.694165945 CEST53540851.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:09.743715048 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.743998051 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.746114016 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.746145010 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.760222912 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.760281086 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.760324955 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.767968893 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.768116951 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.768271923 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.768615961 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.768748999 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.872325897 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.872344971 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.872356892 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.878057957 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.878114939 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.891241074 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.892417908 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:09.892498016 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.893637896 CEST65407443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:09.992896080 CEST44365407142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:10.247483015 CEST6161853192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:10.257122993 CEST6309253192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:10.264328957 CEST53630921.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:10.265677929 CEST6259553192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:10.272531986 CEST53625951.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:10.347054005 CEST53547251.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:10.533668041 CEST53602841.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:10.761254072 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:10.761873007 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:10.861948013 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:10.862926960 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:10.863004923 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:10.863667965 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:11.537540913 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:11.537540913 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:11.638361931 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:11.640346050 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:11.649313927 CEST44364788162.159.61.3192.168.2.5
                              Aug 19, 2024 06:04:11.649588108 CEST64788443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:04:12.367978096 CEST6063153192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:12.373049974 CEST6276853192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:12.373852968 CEST6321853192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:12.377453089 CEST53606311.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:12.380959034 CEST53627681.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:13.339742899 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.534420013 CEST5159753192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:13.534619093 CEST5687453192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:13.542217016 CEST53568741.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:13.545444965 CEST53515971.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:13.645824909 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.806356907 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.806372881 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.806382895 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.806394100 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.806405067 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.806952953 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.808382988 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.808685064 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.808785915 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.809055090 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.809160948 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.908313036 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.908334017 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.908343077 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.908353090 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.908363104 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.909714937 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.910829067 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.911082983 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:13.911838055 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.911901951 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:13.913817883 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:14.011683941 CEST44358511172.64.41.3192.168.2.5
                              Aug 19, 2024 06:04:14.041233063 CEST58511443192.168.2.5172.64.41.3
                              Aug 19, 2024 06:04:15.511203051 CEST53654431.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:15.618774891 CEST53598371.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:15.787229061 CEST6472753192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:15.787379980 CEST5322453192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:15.793850899 CEST53647271.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:15.794440985 CEST53532241.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:17.655128956 CEST6442653192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:17.655369043 CEST6112053192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:17.661822081 CEST53644261.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:17.661988974 CEST53611201.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:17.727686882 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:17.729151011 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.186353922 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.186409950 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.187077999 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.187151909 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.187455893 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.187469006 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.203931093 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.286556959 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.286567926 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.286576033 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.287118912 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.325423002 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.325601101 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:18.325759888 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.357366085 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:18.446209908 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:34.630590916 CEST53546761.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:36.288846970 CEST6058653192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:36.295413971 CEST53605861.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:36.298724890 CEST6457553192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:36.299606085 CEST6316053192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:36.305877924 CEST53645751.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:36.306523085 CEST6436753192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:36.306667089 CEST53631601.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:36.307177067 CEST6008153192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:36.313364983 CEST53643671.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:36.313911915 CEST53600811.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:37.094486952 CEST6309253192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:37.102304935 CEST53630921.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:37.106003046 CEST6137753192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:37.113090038 CEST53613771.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:37.114267111 CEST5155653192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:37.120831966 CEST53515561.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:38.487677097 CEST6396553192.168.2.51.1.1.1
                              Aug 19, 2024 06:04:38.853688002 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:38.936712980 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:38.966279984 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:38.966424942 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:38.966685057 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:39.004630089 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:39.046053886 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:39.046149015 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:39.046531916 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:39.081446886 CEST59908443192.168.2.5142.250.64.78
                              Aug 19, 2024 06:04:39.087646008 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:39.167404890 CEST44359908142.250.64.78192.168.2.5
                              Aug 19, 2024 06:04:55.361661911 CEST53633551.1.1.1192.168.2.5
                              Aug 19, 2024 06:04:57.464729071 CEST53576291.1.1.1192.168.2.5
                              Aug 19, 2024 06:05:02.461083889 CEST6395753192.168.2.51.1.1.1
                              Aug 19, 2024 06:05:03.185184956 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.186964035 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.187146902 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.187231064 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.368123055 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.368261099 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.634711981 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.646971941 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.647895098 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.679517984 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.735167027 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.735181093 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.735188961 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.735198021 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.735933065 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.736021042 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.747669935 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.788361073 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.835783005 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.836229086 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.937648058 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.938054085 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.938378096 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.938556910 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.938946962 CEST44360814162.159.61.3192.168.2.5
                              Aug 19, 2024 06:05:03.938980103 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.939851999 CEST60814443192.168.2.5162.159.61.3
                              Aug 19, 2024 06:05:03.941539049 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:04.142771006 CEST4964253192.168.2.51.1.1.1
                              Aug 19, 2024 06:05:04.149568081 CEST53496421.1.1.1192.168.2.5
                              Aug 19, 2024 06:05:04.152163029 CEST5090653192.168.2.51.1.1.1
                              Aug 19, 2024 06:05:04.159449100 CEST53509061.1.1.1192.168.2.5
                              Aug 19, 2024 06:05:04.261253119 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:04.392241955 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.400540113 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.400551081 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.400562048 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.400573969 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.402096987 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:04.404652119 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:04.404771090 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:04.501532078 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.501540899 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.501550913 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.501564980 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:04.501966000 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:04.502094984 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:04.598301888 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:08.886044979 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:08.887305975 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:09.379810095 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:09.381028891 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:09.381040096 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:09.381051064 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:09.381146908 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:09.381372929 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:09.381499052 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:09.382296085 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:09.492062092 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:09.492075920 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:09.492340088 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:09.518099070 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:10.730178118 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:10.859862089 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:10.888219118 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:10.920810938 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:10.920855999 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:10.920869112 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:10.921133995 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:10.921231985 CEST49587443192.168.2.5172.253.62.84
                              Aug 19, 2024 06:05:11.050690889 CEST44349587172.253.62.84192.168.2.5
                              Aug 19, 2024 06:05:23.981007099 CEST53521881.1.1.1192.168.2.5
                              Aug 19, 2024 06:05:24.499982119 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:24.538490057 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:24.999751091 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:05:25.040458918 CEST56803443192.168.2.523.44.201.15
                              Aug 19, 2024 06:05:34.500766039 CEST4435680323.44.201.15192.168.2.5
                              Aug 19, 2024 06:06:01.313576937 CEST53574521.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.119467020 CEST5932153192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.143131971 CEST6106953192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.149805069 CEST53610691.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.157140970 CEST5798953192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.163963079 CEST53579891.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.178581953 CEST5116253192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.180222034 CEST5932653192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.185607910 CEST53511621.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.186774015 CEST53593261.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.195730925 CEST6317853192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.197387934 CEST5124953192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.202505112 CEST53631781.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.204087019 CEST53512491.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.222954988 CEST6539353192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.229628086 CEST53653931.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.230050087 CEST5754353192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.232935905 CEST5100053192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.237483025 CEST53575431.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.238532066 CEST6140053192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.240016937 CEST53510001.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.246376038 CEST5373753192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.253403902 CEST53537371.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.292000055 CEST6164153192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.298687935 CEST53616411.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.392770052 CEST53625071.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.449805975 CEST5007753192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.456391096 CEST53500771.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.468530893 CEST4981753192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.475080013 CEST53498171.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.480011940 CEST5007753192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.486674070 CEST53500771.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.512171984 CEST5394153192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.518733025 CEST53539411.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.545305967 CEST5532953192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.551950932 CEST53553291.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:02.581172943 CEST5532953192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:02.587766886 CEST53553291.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:03.433641911 CEST60172443192.168.2.523.44.201.15
                              Aug 19, 2024 06:06:03.932229042 CEST4436017223.44.201.15192.168.2.5
                              Aug 19, 2024 06:06:03.932244062 CEST4436017223.44.201.15192.168.2.5
                              Aug 19, 2024 06:06:03.935776949 CEST60172443192.168.2.523.44.201.15
                              Aug 19, 2024 06:06:04.032246113 CEST4436017223.44.201.15192.168.2.5
                              Aug 19, 2024 06:06:04.032255888 CEST4436017223.44.201.15192.168.2.5
                              Aug 19, 2024 06:06:04.032263994 CEST4436017223.44.201.15192.168.2.5
                              Aug 19, 2024 06:06:04.056093931 CEST60172443192.168.2.523.44.201.15
                              Aug 19, 2024 06:06:04.090286970 CEST60172443192.168.2.523.44.201.15
                              Aug 19, 2024 06:06:04.162795067 CEST4436017223.44.201.15192.168.2.5
                              Aug 19, 2024 06:06:05.023595095 CEST5655953192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:05.030175924 CEST53565591.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:05.037170887 CEST5535453192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:05.060050011 CEST53553541.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:05.064126968 CEST5535453192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:05.065144062 CEST6422353192.168.2.51.1.1.1
                              Aug 19, 2024 06:06:05.071259975 CEST53553541.1.1.1192.168.2.5
                              Aug 19, 2024 06:06:05.072567940 CEST53642231.1.1.1192.168.2.5

                              ICMP Packets

                              TimestampSource IPDest IPChecksumCodeType
                              Aug 19, 2024 06:06:02.489594936 CEST192.168.2.51.1.1.1c256(Port unreachable)Destination Unreachable
                              Aug 19, 2024 06:06:05.076607943 CEST192.168.2.51.1.1.1c215(Port unreachable)Destination Unreachable

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Aug 19, 2024 06:04:03.174916029 CEST192.168.2.51.1.1.10x1d2aStandard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:03.175195932 CEST192.168.2.51.1.1.10x72d6Standard query (0)bzib.nelreports.net65IN (0x0001)false
                              Aug 19, 2024 06:04:05.651223898 CEST192.168.2.51.1.1.10xcf95Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.651506901 CEST192.168.2.51.1.1.10xc73dStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                              Aug 19, 2024 06:04:05.652179003 CEST192.168.2.51.1.1.10x7cc9Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.652339935 CEST192.168.2.51.1.1.10x3570Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                              Aug 19, 2024 06:04:05.685009956 CEST192.168.2.51.1.1.10x29cfStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.685209036 CEST192.168.2.51.1.1.10x59e1Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                              Aug 19, 2024 06:04:09.671557903 CEST192.168.2.51.1.1.10x9ef5Standard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:09.686266899 CEST192.168.2.51.1.1.10x3734Standard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:04:10.247483015 CEST192.168.2.51.1.1.10x7f7Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:10.257122993 CEST192.168.2.51.1.1.10x3cfcStandard query (0)prod.detectportal.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:10.265677929 CEST192.168.2.51.1.1.10x210bStandard query (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:04:12.367978096 CEST192.168.2.51.1.1.10xfd7Standard query (0)example.orgA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:12.373049974 CEST192.168.2.51.1.1.10xff05Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:12.373852968 CEST192.168.2.51.1.1.10xc6b9Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:13.534420013 CEST192.168.2.51.1.1.10xb0f0Standard query (0)accounts.youtube.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:13.534619093 CEST192.168.2.51.1.1.10x6291Standard query (0)accounts.youtube.com65IN (0x0001)false
                              Aug 19, 2024 06:04:15.787229061 CEST192.168.2.51.1.1.10x90c5Standard query (0)play.google.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:15.787379980 CEST192.168.2.51.1.1.10x859eStandard query (0)play.google.com65IN (0x0001)false
                              Aug 19, 2024 06:04:17.655128956 CEST192.168.2.51.1.1.10x6929Standard query (0)www.google.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:17.655369043 CEST192.168.2.51.1.1.10xc593Standard query (0)www.google.com65IN (0x0001)false
                              Aug 19, 2024 06:04:36.288846970 CEST192.168.2.51.1.1.10xd109Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:36.298724890 CEST192.168.2.51.1.1.10xa36eStandard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:36.299606085 CEST192.168.2.51.1.1.10x96bfStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:36.306523085 CEST192.168.2.51.1.1.10x62bcStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:04:36.307177067 CEST192.168.2.51.1.1.10x57f8Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:04:37.094486952 CEST192.168.2.51.1.1.10x311eStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.106003046 CEST192.168.2.51.1.1.10x2706Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.114267111 CEST192.168.2.51.1.1.10xa477Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                              Aug 19, 2024 06:04:38.487677097 CEST192.168.2.51.1.1.10xe7b3Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:05:02.461083889 CEST192.168.2.51.1.1.10x83b5Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:05:04.142771006 CEST192.168.2.51.1.1.10x131cStandard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:05:04.152163029 CEST192.168.2.51.1.1.10x5372Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                              Aug 19, 2024 06:06:02.119467020 CEST192.168.2.51.1.1.10xb120Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.143131971 CEST192.168.2.51.1.1.10x3c9aStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.157140970 CEST192.168.2.51.1.1.10x274dStandard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.178581953 CEST192.168.2.51.1.1.10xac8fStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:06:02.180222034 CEST192.168.2.51.1.1.10xa420Standard query (0)spocs.getpocket.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.195730925 CEST192.168.2.51.1.1.10x329eStandard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.197387934 CEST192.168.2.51.1.1.10x9c1aStandard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.222954988 CEST192.168.2.51.1.1.10xfc6eStandard query (0)contile.services.mozilla.com28IN (0x0001)false
                              Aug 19, 2024 06:06:02.230050087 CEST192.168.2.51.1.1.10x8674Standard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.232935905 CEST192.168.2.51.1.1.10x5691Standard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:06:02.238532066 CEST192.168.2.51.1.1.10x4ea9Standard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.246376038 CEST192.168.2.51.1.1.10x46c2Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.292000055 CEST192.168.2.51.1.1.10xd56cStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:06:02.449805975 CEST192.168.2.51.1.1.10xf595Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                              Aug 19, 2024 06:06:02.468530893 CEST192.168.2.51.1.1.10x6cbStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.480011940 CEST192.168.2.51.1.1.10xf595Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                              Aug 19, 2024 06:06:02.512171984 CEST192.168.2.51.1.1.10x267eStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.545305967 CEST192.168.2.51.1.1.10xd51cStandard query (0)push.services.mozilla.com28IN (0x0001)false
                              Aug 19, 2024 06:06:02.581172943 CEST192.168.2.51.1.1.10xd51cStandard query (0)push.services.mozilla.com28IN (0x0001)false
                              Aug 19, 2024 06:06:05.023595095 CEST192.168.2.51.1.1.10xf7e3Standard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:05.037170887 CEST192.168.2.51.1.1.10xdefbStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:05.064126968 CEST192.168.2.51.1.1.10xdefbStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:05.065144062 CEST192.168.2.51.1.1.10xac6bStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Aug 19, 2024 06:04:02.066215992 CEST1.1.1.1192.168.2.50x37ebNo error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:02.066658020 CEST1.1.1.1192.168.2.50xdbd6No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:02.066658020 CEST1.1.1.1192.168.2.50xdbd6No error (0)ssl.bingadsedgeextension-prod-europe.azurewebsites.net94.245.104.56A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:03.181969881 CEST1.1.1.1192.168.2.50x1d2aNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:03.182003021 CEST1.1.1.1192.168.2.50x72d6No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:05.659194946 CEST1.1.1.1192.168.2.50xcf95No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.659194946 CEST1.1.1.1192.168.2.50xcf95No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.659411907 CEST1.1.1.1192.168.2.50xc73dNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                              Aug 19, 2024 06:04:05.659806967 CEST1.1.1.1192.168.2.50x7cc9No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.659806967 CEST1.1.1.1192.168.2.50x7cc9No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.659817934 CEST1.1.1.1192.168.2.50x3570No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                              Aug 19, 2024 06:04:05.691488028 CEST1.1.1.1192.168.2.50x29cfNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.691488028 CEST1.1.1.1192.168.2.50x29cfNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:05.691590071 CEST1.1.1.1192.168.2.50x59e1No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                              Aug 19, 2024 06:04:09.649310112 CEST1.1.1.1192.168.2.50xf748No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:09.679620981 CEST1.1.1.1192.168.2.50x9ef5No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:10.254167080 CEST1.1.1.1192.168.2.50x7f7No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:10.254167080 CEST1.1.1.1192.168.2.50x7f7No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:10.264328957 CEST1.1.1.1192.168.2.50x3cfcNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:10.272531986 CEST1.1.1.1192.168.2.50x210bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:04:12.377453089 CEST1.1.1.1192.168.2.50xfd7No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:12.380959034 CEST1.1.1.1192.168.2.50xff05No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:12.380959034 CEST1.1.1.1192.168.2.50xff05No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:12.380970001 CEST1.1.1.1192.168.2.50xc6b9No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:12.380970001 CEST1.1.1.1192.168.2.50xc6b9No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:13.542217016 CEST1.1.1.1192.168.2.50x6291No error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:13.545444965 CEST1.1.1.1192.168.2.50xb0f0No error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:13.545444965 CEST1.1.1.1192.168.2.50xb0f0No error (0)www3.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:15.793850899 CEST1.1.1.1192.168.2.50x90c5No error (0)play.google.com172.217.16.206A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:17.661822081 CEST1.1.1.1192.168.2.50x6929No error (0)www.google.com172.217.18.4A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:17.661988974 CEST1.1.1.1192.168.2.50xc593No error (0)www.google.com65IN (0x0001)false
                              Aug 19, 2024 06:04:36.295413971 CEST1.1.1.1192.168.2.50xd109No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:36.295413971 CEST1.1.1.1192.168.2.50xd109No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:36.298223972 CEST1.1.1.1192.168.2.50x1e7dNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:36.298223972 CEST1.1.1.1192.168.2.50x1e7dNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:36.305877924 CEST1.1.1.1192.168.2.50xa36eNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:36.306667089 CEST1.1.1.1192.168.2.50x96bfNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.102304935 CEST1.1.1.1192.168.2.50x311eNo error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.102304935 CEST1.1.1.1192.168.2.50x311eNo error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.102304935 CEST1.1.1.1192.168.2.50x311eNo error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.102304935 CEST1.1.1.1192.168.2.50x311eNo error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.113090038 CEST1.1.1.1192.168.2.50x2706No error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.113090038 CEST1.1.1.1192.168.2.50x2706No error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.113090038 CEST1.1.1.1192.168.2.50x2706No error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.113090038 CEST1.1.1.1192.168.2.50x2706No error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:37.892146111 CEST1.1.1.1192.168.2.50xb49No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:37.892146111 CEST1.1.1.1192.168.2.50xb49No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:04:38.395207882 CEST1.1.1.1192.168.2.50x6f39No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:38.395207882 CEST1.1.1.1192.168.2.50x6f39No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:38.494296074 CEST1.1.1.1192.168.2.50xe7b3No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:04:38.494296074 CEST1.1.1.1192.168.2.50xe7b3No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:05:02.467989922 CEST1.1.1.1192.168.2.50x83b5No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:05:02.467989922 CEST1.1.1.1192.168.2.50x83b5No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:05:04.140120983 CEST1.1.1.1192.168.2.50xa171No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:05:04.149568081 CEST1.1.1.1192.168.2.50x131cNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:05:04.163575888 CEST1.1.1.1192.168.2.50x63bcNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.126992941 CEST1.1.1.1192.168.2.50xb120No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:02.126992941 CEST1.1.1.1192.168.2.50xb120No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.129736900 CEST1.1.1.1192.168.2.50x3cbaNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:02.129736900 CEST1.1.1.1192.168.2.50x3cbaNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.149805069 CEST1.1.1.1192.168.2.50x3c9aNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.163963079 CEST1.1.1.1192.168.2.50x274dNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.186774015 CEST1.1.1.1192.168.2.50xa420No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:02.186774015 CEST1.1.1.1192.168.2.50xa420No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.202505112 CEST1.1.1.1192.168.2.50x329eNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.204087019 CEST1.1.1.1192.168.2.50x9c1aNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.237483025 CEST1.1.1.1192.168.2.50x8674No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:02.237483025 CEST1.1.1.1192.168.2.50x8674No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:02.237483025 CEST1.1.1.1192.168.2.50x8674No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.245569944 CEST1.1.1.1192.168.2.50x4ea9No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:02.253403902 CEST1.1.1.1192.168.2.50x46c2No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.298687935 CEST1.1.1.1192.168.2.50xd56cNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                              Aug 19, 2024 06:06:02.432212114 CEST1.1.1.1192.168.2.50xa4c0No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.475080013 CEST1.1.1.1192.168.2.50x6cbNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.518733025 CEST1.1.1.1192.168.2.50x267eNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:02.939491987 CEST1.1.1.1192.168.2.50xcb63No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:05.030175924 CEST1.1.1.1192.168.2.50xf7e3No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:05.030175924 CEST1.1.1.1192.168.2.50xf7e3No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                              Aug 19, 2024 06:06:05.030175924 CEST1.1.1.1192.168.2.50xf7e3No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:05.060050011 CEST1.1.1.1192.168.2.50xdefbNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                              Aug 19, 2024 06:06:05.071259975 CEST1.1.1.1192.168.2.50xdefbNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • api.edgeoffer.microsoft.com
                              • chrome.cloudflare-dns.com
                              • fs.microsoft.com
                              • clients2.googleusercontent.com
                              • https:
                                • accounts.youtube.com
                                • www.google.com
                                • www.bing.com
                                • play.google.com
                              • msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                              • edgeassetservice.azureedge.net
                              • slscr.update.microsoft.com
                              • detectportal.firefox.com

                              HTTP Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.54975634.107.221.82807252C:\Program Files\Mozilla Firefox\firefox.exe
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:04:10.262619972 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:04:10.737289906 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 13:05:32 GMT
                              Age: 53918
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:04:20.743570089 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:04:30.757091999 CEST6OUTData Raw: 00
                              Data Ascii:


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.54976534.107.221.82807252C:\Program Files\Mozilla Firefox\firefox.exe
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:04:12.390511990 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache
                              Aug 19, 2024 06:04:12.853684902 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 13:29:26 GMT
                              Age: 52486
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success
                              Aug 19, 2024 06:04:22.866524935 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:04:32.879054070 CEST6OUTData Raw: 00
                              Data Ascii:


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              2192.168.2.54982334.107.221.82807252C:\Program Files\Mozilla Firefox\firefox.exe
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:04:37.116540909 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:04:37.593224049 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38650
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:04:37.884155035 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:04:37.984580040 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38650
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:04:38.381361008 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:04:38.481873989 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38651
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:04:48.489837885 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:04:58.504937887 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:04.808614016 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:05:04.908817053 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38677
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:05:05.615380049 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:05:05.716010094 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38678
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:05:05.816868067 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:05:05.916655064 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38678
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:05:15.930277109 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:25.942095995 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:35.959640026 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:45.965538979 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:55.974872112 CEST6OUTData Raw: 00
                              Data Ascii:


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              3192.168.2.54982434.107.221.82807252C:\Program Files\Mozilla Firefox\firefox.exe
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:04:37.607259989 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              4192.168.2.54982834.107.221.82807252C:\Program Files\Mozilla Firefox\firefox.exe
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:04:37.993496895 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache
                              Aug 19, 2024 06:04:38.479464054 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 22:14:36 GMT
                              Age: 21002
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success
                              Aug 19, 2024 06:04:38.484906912 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache
                              Aug 19, 2024 06:04:38.589617968 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 22:14:36 GMT
                              Age: 21002
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success
                              Aug 19, 2024 06:04:48.589968920 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:04:58.597086906 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:05.170960903 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache
                              Aug 19, 2024 06:05:05.273317099 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 22:14:36 GMT
                              Age: 21029
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success
                              Aug 19, 2024 06:05:05.816127062 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache
                              Aug 19, 2024 06:05:05.921547890 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 22:14:36 GMT
                              Age: 21029
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success
                              Aug 19, 2024 06:05:06.008668900 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache
                              Aug 19, 2024 06:05:06.111363888 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 22:14:36 GMT
                              Age: 21030
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success
                              Aug 19, 2024 06:05:16.117841005 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:26.130140066 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:36.137582064 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:46.150479078 CEST6OUTData Raw: 00
                              Data Ascii:
                              Aug 19, 2024 06:05:56.163295031 CEST6OUTData Raw: 00
                              Data Ascii:


                              Session IDSource IPSource PortDestination IPDestination Port
                              5192.168.2.54984634.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:02.163065910 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:02.612945080 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38735
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:02.741640091 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:02.838187933 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38735
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:02.866218090 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:02.962802887 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38735
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:02.998636007 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:03.095398903 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38736
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:03.117063999 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:03.213965893 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38736
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:03.415826082 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:03.512586117 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38736
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:03.535882950 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:03.632539988 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38736
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:03.792213917 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:03.889159918 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38736
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                              Aug 19, 2024 06:06:03.918654919 CEST303OUTGET /canonical.html HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Connection: keep-alive
                              Aug 19, 2024 06:06:04.015567064 CEST298INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 90
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 17:20:27 GMT
                              Age: 38736
                              Content-Type: text/html
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                              Session IDSource IPSource PortDestination IPDestination Port
                              6192.168.2.54985534.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:02.804313898 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              7192.168.2.54985734.107.221.82807944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:02.850438118 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination Port
                              8192.168.2.54985934.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:02.987411022 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination Port
                              9192.168.2.54986234.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:03.123311043 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination Port
                              10192.168.2.54986334.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:03.223522902 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination Port
                              11192.168.2.54986634.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:03.537201881 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination Port
                              12192.168.2.54986734.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:03.644210100 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination Port
                              13192.168.2.54986834.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:03.912151098 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache


                              Session IDSource IPSource PortDestination IPDestination Port
                              14192.168.2.54986934.107.221.8280
                              TimestampBytes transferredDirectionData
                              Aug 19, 2024 06:06:04.026999950 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                              Host: detectportal.firefox.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                              Accept: */*
                              Accept-Language: en-US,en;q=0.5
                              Accept-Encoding: gzip, deflate
                              Connection: keep-alive
                              Pragma: no-cache
                              Cache-Control: no-cache
                              Aug 19, 2024 06:06:04.661664009 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 13:29:26 GMT
                              Age: 52598
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success
                              Aug 19, 2024 06:06:04.694756031 CEST216INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Length: 8
                              Via: 1.1 google
                              Date: Sun, 18 Aug 2024 13:29:26 GMT
                              Age: 52598
                              Content-Type: text/plain
                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                              Data Raw: 73 75 63 63 65 73 73 0a
                              Data Ascii: success


                              HTTPS Proxied Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.54972294.245.104.564437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:02 UTC428OUTGET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                              Host: api.edgeoffer.microsoft.com
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:03 UTC725INHTTP/1.1 200 OK
                              Content-Length: 0
                              Connection: close
                              Content-Type: application/x-protobuf; charset=utf-8
                              Date: Mon, 19 Aug 2024 04:04:02 GMT
                              Server: Microsoft-IIS/10.0
                              Set-Cookie: ARRAffinity=0f934038fa87e90eb992a83facec7a5a1ba6d85c0e53ab05afbf34221994a4ed;Path=/;HttpOnly;Domain=api.edgeoffer.microsoft.com
                              Set-Cookie: ARRAffinity=9abdbd5b78a381dd725259cea1c6bbae9a0ace202d10a3de203c265ae51fd2a1;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                              Set-Cookie: ARRAffinitySameSite=9abdbd5b78a381dd725259cea1c6bbae9a0ace202d10a3de203c265ae51fd2a1;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                              Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                              X-Powered-By: ASP.NET


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.549732184.28.90.27443
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:05 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-08-19 04:04:05 UTC466INHTTP/1.1 200 OK
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              Content-Type: application/octet-stream
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              Server: ECAcc (lpl/EF70)
                              X-CID: 11
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-neu-z1
                              Cache-Control: public, max-age=35602
                              Date: Mon, 19 Aug 2024 04:04:05 GMT
                              Connection: close
                              X-CID: 2


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              2192.168.2.549735172.64.41.34437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:06 UTC245OUTPOST /dns-query HTTP/1.1
                              Host: chrome.cloudflare-dns.com
                              Connection: keep-alive
                              Content-Length: 128
                              Accept: application/dns-message
                              Accept-Language: *
                              User-Agent: Chrome
                              Accept-Encoding: identity
                              Content-Type: application/dns-message
                              2024-08-19 04:04:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)TP
                              2024-08-19 04:04:06 UTC247INHTTP/1.1 200 OK
                              Server: cloudflare
                              Date: Mon, 19 Aug 2024 04:04:06 GMT
                              Content-Type: application/dns-message
                              Connection: close
                              Access-Control-Allow-Origin: *
                              Content-Length: 468
                              CF-RAY: 8b5741f2d86041e3-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-19 04:04:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e0 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom c)


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              3192.168.2.549734162.159.61.34437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:06 UTC245OUTPOST /dns-query HTTP/1.1
                              Host: chrome.cloudflare-dns.com
                              Connection: keep-alive
                              Content-Length: 128
                              Accept: application/dns-message
                              Accept-Language: *
                              User-Agent: Chrome
                              Accept-Encoding: identity
                              Content-Type: application/dns-message
                              2024-08-19 04:04:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)TP
                              2024-08-19 04:04:06 UTC247INHTTP/1.1 200 OK
                              Server: cloudflare
                              Date: Mon, 19 Aug 2024 04:04:06 GMT
                              Content-Type: application/dns-message
                              Connection: close
                              Access-Control-Allow-Origin: *
                              Content-Length: 468
                              CF-RAY: 8b5741f2db0f8c83-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-19 04:04:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1a 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcomPc)


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              4192.168.2.549736162.159.61.34437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:06 UTC245OUTPOST /dns-query HTTP/1.1
                              Host: chrome.cloudflare-dns.com
                              Connection: keep-alive
                              Content-Length: 128
                              Accept: application/dns-message
                              Accept-Language: *
                              User-Agent: Chrome
                              Accept-Encoding: identity
                              Content-Type: application/dns-message
                              2024-08-19 04:04:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)TP
                              2024-08-19 04:04:06 UTC247INHTTP/1.1 200 OK
                              Server: cloudflare
                              Date: Mon, 19 Aug 2024 04:04:06 GMT
                              Content-Type: application/dns-message
                              Connection: close
                              Access-Control-Allow-Origin: *
                              Content-Length: 468
                              CF-RAY: 8b5741f2ff514307-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-19 04:04:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 15 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom c)


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              5192.168.2.549742184.28.90.27443
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:07 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                              Range: bytes=0-2147483646
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-08-19 04:04:07 UTC514INHTTP/1.1 200 OK
                              ApiVersion: Distribute 1.1
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              Content-Type: application/octet-stream
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              Server: ECAcc (lpl/EF06)
                              X-CID: 11
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-weu-z1
                              Cache-Control: public, max-age=45649
                              Date: Mon, 19 Aug 2024 04:04:07 GMT
                              Content-Length: 55
                              Connection: close
                              X-CID: 2
                              2024-08-19 04:04:07 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              6192.168.2.549746142.251.40.2254437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:08 UTC594OUTGET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                              Host: clients2.googleusercontent.com
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:08 UTC573INHTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Content-Length: 135751
                              X-GUploader-UploadID: AHxI1nMoxNPqC4gciVAYzHuQKG03T5TbA2qoP45rky-5DGMZSHhd4L08-JIiEBAsL13-QNMDMWR6Ru6z-g
                              X-Goog-Hash: crc32c=IDdmTg==
                              Server: UploadServer
                              Date: Sun, 18 Aug 2024 15:56:45 GMT
                              Expires: Mon, 18 Aug 2025 15:56:45 GMT
                              Cache-Control: public, max-age=31536000
                              Age: 43643
                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                              Content-Type: application/x-chrome-extension
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close
                              2024-08-19 04:04:08 UTC817INData Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
                              Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
                              2024-08-19 04:04:08 UTC1390INData Raw: fd c7 0f 59 dd ca cf cb 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d
                              Data Ascii: Y0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.|ws+LT>&&Pjanss9ga:SY>
                              2024-08-19 04:04:08 UTC1390INData Raw: b0 78 c3 9a 50 64 5d fb 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad
                              Data Ascii: xPd]DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z|pQ"k<`ZT|uKC1Yg4ewW
                              2024-08-19 04:04:08 UTC1390INData Raw: d9 73 4a e4 91 70 9d a3 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d
                              Data Ascii: sJp:fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b|wt7nvtD<C}|7e^m?<F\p2uB<Yx9"AI3\[s5y~
                              2024-08-19 04:04:08 UTC1390INData Raw: 58 f0 77 67 86 f4 73 f4 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb
                              Data Ascii: Xwgs9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:
                              2024-08-19 04:04:08 UTC1390INData Raw: 4d 15 00 a4 81 86 68 ad 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a
                              Data Ascii: Mh3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:
                              2024-08-19 04:04:08 UTC1390INData Raw: a0 8e 2c ba 65 e8 66 34 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82
                              Data Ascii: ,ef4=%2n$hgffa,_@uYk|9.Y1+x8aBP|*].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=e*ZkLS65mj}0"$
                              2024-08-19 04:04:08 UTC1390INData Raw: 3f ec fa 62 d7 ae 70 87 c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12
                              Data Ascii: ?bpnh"|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF|V1lvgf&3]1g>Lc(s.u
                              2024-08-19 04:04:08 UTC1390INData Raw: f9 d6 22 50 e1 7c 45 1a 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39
                              Data Ascii: "P|E'3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9
                              2024-08-19 04:04:08 UTC1390INData Raw: 4e 57 c1 ef e1 60 9a 5e 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f
                              Data Ascii: NW`^N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gOD


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              7192.168.2.549747142.251.40.2384437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:08 UTC1081OUTGET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1779012916&timestamp=1724040247233 HTTP/1.1
                              Host: accounts.youtube.com
                              Connection: keep-alive
                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-full-version: "117.0.5938.132"
                              sec-ch-ua-arch: "x86"
                              sec-ch-ua-platform: "Windows"
                              sec-ch-ua-platform-version: "10.0.0"
                              sec-ch-ua-model: ""
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-Dest: iframe
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:08 UTC1962INHTTP/1.1 200 OK
                              Content-Type: text/html; charset=utf-8
                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                              Content-Security-Policy: script-src 'report-sample' 'nonce-4keOkBdc2-wSjI8AfR26jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                              Date: Mon, 19 Aug 2024 04:04:08 GMT
                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy: same-origin
                              reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjMtDikmJw15BikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6yXuy-xXgdiIR6OHR3d29gEdqyeuZxJSS8pvzA-MyU1rySzpDIlPzcxMy85Pz87M7W4OLWoLLUo3sjAyMTAwtBQz8AivsAAAINgKp4"
                              Server: ESF
                              X-XSS-Protection: 0
                              X-Content-Type-Options: nosniff
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-08-19 04:04:08 UTC1962INData Raw: 37 36 35 66 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 34 6b 65 4f 6b 42 64 63 32 2d 77 53 6a 49 38 41 66 52 32 36 6a 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f
                              Data Ascii: 765f<html><head><script nonce="4keOkBdc2-wSjI8AfR26jg">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs||{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
                              2024-08-19 04:04:08 UTC1962INData Raw: 28 64 29 7b 72 65 74 75 72 6e 20 64 20 69 6e 20 62 7d 29 5d 7c 7c 22 22 7d 7d 2c 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 0a 66 61 28 29 3b 69 66 28 61 3d 3d 3d 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 22 29 7b 69 66 28 6b 61 28 29 29 69 66 28 28 61 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 62 29 29 26 26 61 5b 31 5d 29 62 3d 61 5b 31 5d 3b 65 6c 73 65 7b 61 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 62 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 62 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29
                              Data Ascii: (d){return d in b})]||""}},qa=function(a){var b=fa();if(a==="Internet Explorer"){if(ka())if((a=/rv: *([\d\.]*)/.exec(b))&&a[1])b=a[1];else{a="";var c=/MSIE +([\d\.]+)/.exec(b);if(c&&c[1])if(b=/Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1])
                              2024-08-19 04:04:08 UTC1962INData Raw: 29 7b 76 61 72 20 64 3d 39 36 3b 63 3f 28 61 3d 5b 63 5d 2c 64 7c 3d 35 31 32 29 3a 61 3d 5b 5d 3b 62 26 26 28 64 3d 64 26 2d 31 36 37 36 30 38 33 33 7c 28 62 26 31 30 32 33 29 3c 3c 31 34 29 7d 65 6c 73 65 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6e 22 29 3b 64 3d 7a 28 61 29 3b 69 66 28 64 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6f 22 29 3b 69 66 28 64 26 0a 36 34 29 72 65 74 75 72 6e 20 61 3b 64 7c 3d 36 34 3b 69 66 28 63 26 26 28 64 7c 3d 35 31 32 2c 63 21 3d 3d 61 5b 30 5d 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 22 29 3b 61 3a 7b 63 3d 61 3b 76 61 72 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 69 66 28 65 29 7b 76 61 72 20 66 3d 65 2d 31 3b 69 66 28 77 61 28 63 5b 66 5d
                              Data Ascii: ){var d=96;c?(a=[c],d|=512):a=[];b&&(d=d&-16760833|(b&1023)<<14)}else{if(!Array.isArray(a))throw Error("n");d=z(a);if(d&2048)throw Error("o");if(d&64)return a;d|=64;if(c&&(d|=512,c!==a[0]))throw Error("p");a:{c=a;var e=c.length;if(e){var f=e-1;if(wa(c[f]
                              2024-08-19 04:04:08 UTC1962INData Raw: 3a 62 29 3b 69 66 28 61 3d 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 66 3d 62 5b 61 2d 31 5d 2c 68 3d 77 61 28 66 29 3b 68 3f 61 2d 2d 3a 66 3d 76 6f 69 64 20 30 3b 65 3d 2b 21 21 28 65 26 35 31 32 29 2d 31 3b 76 61 72 20 67 3d 62 3b 69 66 28 68 29 7b 62 3a 7b 76 61 72 20 6b 3d 66 3b 76 61 72 20 6c 3d 7b 7d 3b 68 3d 21 31 3b 69 66 28 6b 29 66 6f 72 28 76 61 72 20 6d 20 69 6e 20 6b 29 69 66 28 69 73 4e 61 4e 28 2b 6d 29 29 6c 5b 6d 5d 3d 6b 5b 6d 5d 3b 65 6c 73 65 7b 76 61 72 20 71 3d 6b 5b 6d 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 71 29 26 26 28 41 28 71 2c 64 2c 0a 2b 6d 29 7c 7c 76 61 28 71 29 26 26 71 2e 73 69 7a 65 3d 3d 3d 30 29 26 26 28 71 3d 6e 75 6c 6c 29 3b 71 3d 3d 6e 75 6c 6c 26 26 28 68 3d 21 30 29 3b 71 21 3d 6e 75 6c 6c 26 26 28 6c
                              Data Ascii: :b);if(a=b.length){var f=b[a-1],h=wa(f);h?a--:f=void 0;e=+!!(e&512)-1;var g=b;if(h){b:{var k=f;var l={};h=!1;if(k)for(var m in k)if(isNaN(+m))l[m]=k[m];else{var q=k[m];Array.isArray(q)&&(A(q,d,+m)||va(q)&&q.size===0)&&(q=null);q==null&&(h=!0);q!=null&&(l
                              2024-08-19 04:04:08 UTC1962INData Raw: 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 45 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 51 61 28 4e 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 0a 76 61 72 20 51 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 2c 47 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22
                              Data Ascii: n"&&typeof d.prototype[a]!="function"&&E(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Qa(Na(this))}})}return a});var Qa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a},G=function(a){var b=typeof Symbol!="
                              2024-08-19 04:04:08 UTC1962INData Raw: 28 6b 29 3b 69 66 28 21 48 28 6b 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6a 60 22 2b 6b 29 3b 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3d 6c 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 3f 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3a 76 6f 69 64 20 30 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 26 26 48 28 6b 5b 66 5d 2c 74 68 69 73 2e 67 29 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 0a 48 28 6b 2c 66 29 26 26 48 28 6b 5b 66
                              Data Ascii: (k);if(!H(k,f))throw Error("j`"+k);k[f][this.g]=l;return this};g.prototype.get=function(k){return c(k)&&H(k,f)?k[f][this.g]:void 0};g.prototype.has=function(k){return c(k)&&H(k,f)&&H(k[f],this.g)};g.prototype.delete=function(k){return c(k)&&H(k,f)&&H(k[f
                              2024-08-19 04:04:08 UTC1962INData Raw: 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 3f 6c 3d 62 2e 67 65 74 28 6b 29 3a 28 6c 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6b 2c 6c 29 29 3a 6c 3d 22 70 5f 22 2b 6b 3b 76 61 72 20 6d 3d 67 5b 30 5d 5b 6c 5d 3b 69 66 28 6d 26 26 48 28 67 5b 30 5d 2c 6c 29 29 66 6f 72 28 67 3d 30 3b 67 3c 6d 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 7b 76 61 72 20 71 3d 6d 5b 67 5d 3b 69 66 28 6b 21 3d 3d 6b 26 26 71 2e 6b 65 79 21 3d 3d 71 2e 6b 65 79 7c 7c 6b 3d 3d 3d 71 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 67 2c 6c 3a 71 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 6c 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61
                              Data Ascii: l=="function"?b.has(k)?l=b.get(k):(l=""+ ++h,b.set(k,l)):l="p_"+k;var m=g[0][l];if(m&&H(g[0],l))for(g=0;g<m.length;g++){var q=m[g];if(k!==k&&q.key!==q.key||k===q.key)return{id:l,list:m,index:g,l:q}}return{id:l,list:m,index:-1,l:void 0}},e=function(g,k){va
                              2024-08-19 04:04:08 UTC1962INData Raw: 68 3d 30 3b 68 3c 66 3b 68 2b 2b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 62 5b 68 5d 2c 68 29 29 3b 72 65 74 75 72 6e 20 65 7d 7d 29 3b 46 28 22 4e 75 6d 62 65 72 2e 69 73 4e 61 4e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 5a 61 3d 5a 61 7c 7c 7b 7d 2c 72 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 61 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 24 61 28 22 57 49 5a 5f 67 6c 6f 62 61 6c 5f 64 61 74 61 2e 6f 78 4e 33 6e 62 22 29 3b 61 3d 63 26 26 63 5b 61 5d 3b 72 65 74 75 72 6e 20 61 21 3d 6e 75 6c 6c 3f 61 3a 62 7d 2c 49 3d 72 2e 5f
                              Data Ascii: h=0;h<f;h++)e.push(c.call(d,b[h],h));return e}});F("Number.isNaN",function(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var Za=Za||{},r=this||self,ab=function(a,b){var c=$a("WIZ_global_data.oxN3nb");a=c&&c[a];return a!=null?a:b},I=r._
                              2024-08-19 04:04:08 UTC1962INData Raw: 68 2c 65 3d 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 7d 3b 76 61 72 20 63 61 3d 22 63 6f 6e 73 74 72 75 63 74 6f 72 20 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 20 69 73 50 72 6f 74 6f 74 79 70 65 4f 66 20 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 20 74 6f 4c 6f 63 61 6c 65 53 74 72 69 6e 67 20 74 6f 53 74 72 69 6e 67 20 76 61 6c 75 65 4f 66 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 76 61 72 20 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 72 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66
                              Data Ascii: h,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)};var ca="constructor hasOwnProperty isPrototypeOf propertyIsEnumerable toLocaleString toString valueOf".split(" ");var jb=function(a,b,c){c=c||r;var d=c.onerror,e=!!b;c.onerror=f
                              2024-08-19 04:04:08 UTC1962INData Raw: 65 3d 30 3b 64 26 26 65 3c 64 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 65 3e 30 26 26 63 2e 70 75 73 68 28 22 2c 20 22 29 3b 76 61 72 20 66 3d 64 5b 65 5d 3b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 66 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 66 3d 66 3f 22 6f 62 6a 65 63 74 22 3a 22 6e 75 6c 6c 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 73 74 72 69 6e 67 22 3a 62 72 65 61 6b 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 6c 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a
                              Data Ascii: e=0;d&&e<d.length;e++){e>0&&c.push(", ");var f=d[e];switch(typeof f){case "object":f=f?"object":"null";break;case "string":break;case "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=lb(f))?f:"[fn]";break;default:f=


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              8192.168.2.549749142.250.64.784437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:08 UTC561OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Accept: */*
                              Access-Control-Request-Method: POST
                              Access-Control-Request-Headers: x-goog-authuser
                              Origin: https://accounts.google.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:09 UTC520INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                              Access-Control-Max-Age: 86400
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:09 GMT
                              Server: Playlog
                              Content-Length: 0
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              9192.168.2.549750142.250.64.784437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:08 UTC561OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Accept: */*
                              Access-Control-Request-Method: POST
                              Access-Control-Request-Headers: x-goog-authuser
                              Origin: https://accounts.google.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:09 UTC520INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                              Access-Control-Max-Age: 86400
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:09 GMT
                              Server: Playlog
                              Content-Length: 0
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              10192.168.2.549751152.195.19.974437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:09 UTC622OUTGET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1724645043&P2=404&P3=2&P4=KoE50OYefIuH%2fS%2by%2buJIWJ7XkyB8akZ0NPPJ4pVsisGfEitcaIrwpVYQX9ktIf%2fIzEm6vdfSjHV%2biRZRgNasJg%3d%3d HTTP/1.1
                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                              Connection: keep-alive
                              MS-CV: 3FhD9TVChB1o1Hrkj3wP7H
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:09 UTC632INHTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Age: 3966780
                              Cache-Control: public, max-age=17280000
                              Content-Type: application/x-chrome-extension
                              Date: Mon, 19 Aug 2024 04:04:09 GMT
                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                              Server: ECAcc (nyd/D11E)
                              X-AspNet-Version: 4.0.30319
                              X-AspNetMvc-Version: 5.3
                              X-Cache: HIT
                              X-CCC: US
                              X-CID: 11
                              X-Powered-By: ASP.NET
                              X-Powered-By: ARR/3.0
                              X-Powered-By: ASP.NET
                              Content-Length: 11185
                              Connection: close
                              2024-08-19 04:04:09 UTC11185INData Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20
                              Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              11192.168.2.549754142.250.81.2284437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:10 UTC881OUTGET /favicon.ico HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-arch: "x86"
                              sec-ch-ua-full-version: "117.0.5938.132"
                              sec-ch-ua-platform-version: "10.0.0"
                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-model: ""
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:10 UTC705INHTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                              Content-Length: 5430
                              X-Content-Type-Options: nosniff
                              Server: sffe
                              X-XSS-Protection: 0
                              Date: Mon, 19 Aug 2024 03:36:52 GMT
                              Expires: Tue, 27 Aug 2024 03:36:52 GMT
                              Cache-Control: public, max-age=691200
                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                              Content-Type: image/x-icon
                              Vary: Accept-Encoding
                              Age: 1638
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close
                              2024-08-19 04:04:10 UTC685INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                              Data Ascii: h& ( 0.v]X:X:rY
                              2024-08-19 04:04:10 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a
                              Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
                              2024-08-19 04:04:10 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff
                              Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                              2024-08-19 04:04:10 UTC1390INData Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                              Data Ascii: BBBBBBF!4I
                              2024-08-19 04:04:10 UTC575INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                              Data Ascii: $'


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              12192.168.2.54976413.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:12 UTC711OUTGET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Edge-Asset-Group: EntityExtractionDomainsConfig
                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                              Sec-Mesh-Client-Edge-Channel: stable
                              Sec-Mesh-Client-OS: Windows
                              Sec-Mesh-Client-OS-Version: 10.0.19045
                              Sec-Mesh-Client-Arch: x86_64
                              Sec-Mesh-Client-WebView: 0
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:12 UTC583INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:12 GMT
                              Content-Type: application/octet-stream
                              Content-Length: 70207
                              Connection: close
                              Content-Encoding: gzip
                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                              ETag: 0x8DCB31E67C22927
                              x-ms-request-id: 169f182b-001e-0001-68a2-f169fa000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040412Z-15c77d89844pj67j41r7dttmsw00000004yg000000008hs1
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              X-Cache-Info: L1_T2
                              Accept-Ranges: bytes
                              2024-08-19 04:04:12 UTC15801INData Raw: 1f 8b 08 08 1a 21 ad 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7
                              Data Ascii: !fasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
                              2024-08-19 04:04:12 UTC16384INData Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31
                              Data Ascii: JEq*b,0Rte*|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;|a``|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
                              2024-08-19 04:04:12 UTC16384INData Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63
                              Data Ascii: /M5?Rg|M kt|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX*$Nkct&iZ%b8Zoj@ u2OgA1DG3*5d*lg|9GV>OVzVMPA76.|c
                              2024-08-19 04:04:12 UTC16384INData Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81
                              Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
                              2024-08-19 04:04:12 UTC5254INData Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83
                              Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              13192.168.2.54977113.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:13 UTC470OUTGET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Edge-Asset-Group: Shoreline
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:13 UTC563INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:13 GMT
                              Content-Type: application/octet-stream
                              Content-Length: 306698
                              Connection: close
                              Content-Encoding: gzip
                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                              ETag: 0x8DBC9B5C40EBFF4
                              x-ms-request-id: f2dda6ad-201e-0016-1ba2-f1a999000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040413Z-15c77d89844n6dtp5f09y9f4c800000005w0000000001a59
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              Accept-Ranges: bytes
                              2024-08-19 04:04:13 UTC15821INData Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe
                              Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&|'J'~eL|&c~6{JAw^z3cUEeMaTu W/^~b|X_?r~vXwW
                              2024-08-19 04:04:13 UTC16384INData Raw: 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c 87 07 e7 d4 da 16 34 27 65 eb d7 87 be 44
                              Data Ascii: |[T[%6Q+"PR6mU5YgV-HoB /!~qL|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz|PVM&UOu~{-oM5QafAp4'eD
                              2024-08-19 04:04:13 UTC16384INData Raw: b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d d9 e8 78 24 ab 24 51 69 66 82 d7 44 e8 1d
                              Data Ascii: O7gkD$>U|}mlBxz*BFSzP~|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)|[U35QTB-x$$QifD
                              2024-08-19 04:04:13 UTC16384INData Raw: a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 6e 30 91 49 05 4e 42 60 22 53 9e 67 6f 08
                              Data Ascii: jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:*_Gp`n3.e_j;`?ihbE}*Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqPn0INB`"Sgo
                              2024-08-19 04:04:13 UTC16384INData Raw: 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e 6f 2b 5e 74 f2 ea 6e 17 ed 6d 37 04 2d f5
                              Data Ascii: k/IyMR\!1Q|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0o*j~~{Y1U}n|?*4>tk,OS]|w}:)y7gg3r#YU]oU~Cl.Vo+^tnm7-
                              2024-08-19 04:04:13 UTC16384INData Raw: 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 4e 60 6b e1 20 c2 ba 99 b8 6d 1e 51 d5 3c
                              Data Ascii: M1eIwyfr;Tt5S};PtEr~*uVOLC=A{5__p*tHt|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\N`k mQ<
                              2024-08-19 04:04:13 UTC16384INData Raw: 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 45 bf 50 93 bc bc 7d c3 e9 75 22 5d 68 d9
                              Data Ascii: Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]h
                              2024-08-19 04:04:13 UTC16384INData Raw: 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da
                              Data Ascii: XdpZu\m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPT
                              2024-08-19 04:04:13 UTC16384INData Raw: b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62
                              Data Ascii: ;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@e]?/y+y]b
                              2024-08-19 04:04:13 UTC16384INData Raw: c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4
                              Data Ascii: /}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>uBRC)


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              14192.168.2.54977013.85.23.86443
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:14 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MuD1rYhrSPNGDFc&MD=5SBWp2YX HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              Host: slscr.update.microsoft.com
                              2024-08-19 04:04:14 UTC560INHTTP/1.1 200 OK
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Content-Type: application/octet-stream
                              Expires: -1
                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                              MS-CorrelationId: c1145c8f-eaf4-46d2-9701-4daf824005ce
                              MS-RequestId: be8fc27f-47d2-45a0-9d5b-a20dcf76c248
                              MS-CV: XVOgLaRAc0GLTXPh.0
                              X-Microsoft-SLSClientCache: 2880
                              Content-Disposition: attachment; filename=environment.cab
                              X-Content-Type-Options: nosniff
                              Date: Mon, 19 Aug 2024 04:04:13 GMT
                              Connection: close
                              Content-Length: 24490
                              2024-08-19 04:04:14 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                              Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                              2024-08-19 04:04:14 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                              Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              15192.168.2.549780142.250.184.2064437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:14 UTC1224OUTGET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1093006929&timestamp=1724040252806 HTTP/1.1
                              Host: accounts.youtube.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-full-version: "117.0.5938.132"
                              sec-ch-ua-arch: "x86"
                              sec-ch-ua-platform: "Windows"
                              sec-ch-ua-platform-version: "10.0.0"
                              sec-ch-ua-model: ""
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-Dest: iframe
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-08-19 04:04:14 UTC1962INHTTP/1.1 200 OK
                              Content-Type: text/html; charset=utf-8
                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                              Content-Security-Policy: script-src 'report-sample' 'nonce-rNRjIJyWTz8xwOI7lIiSdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                              Date: Mon, 19 Aug 2024 04:04:14 GMT
                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy: same-origin
                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjMtDikmLw1pBikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6yXuy-xXgdiIR6OfR3d29gELly7tJtRSS8pvzA-MyU1rySzpDIlPzcxMy85Pz87M7W4OLWoLLUo3sjAyMTAwtBQz8AivsAAAKMwKzc"
                              Server: ESF
                              X-XSS-Protection: 0
                              X-Content-Type-Options: nosniff
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-08-19 04:04:14 UTC1962INData Raw: 37 36 35 66 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 72 4e 52 6a 49 4a 79 57 54 7a 38 78 77 4f 49 37 6c 49 69 53 64 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f
                              Data Ascii: 765f<html><head><script nonce="rNRjIJyWTz8xwOI7lIiSdg">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs||{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
                              2024-08-19 04:04:14 UTC1962INData Raw: 28 64 29 7b 72 65 74 75 72 6e 20 64 20 69 6e 20 62 7d 29 5d 7c 7c 22 22 7d 7d 2c 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 0a 66 61 28 29 3b 69 66 28 61 3d 3d 3d 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 22 29 7b 69 66 28 6b 61 28 29 29 69 66 28 28 61 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 62 29 29 26 26 61 5b 31 5d 29 62 3d 61 5b 31 5d 3b 65 6c 73 65 7b 61 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 62 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 62 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29
                              Data Ascii: (d){return d in b})]||""}},qa=function(a){var b=fa();if(a==="Internet Explorer"){if(ka())if((a=/rv: *([\d\.]*)/.exec(b))&&a[1])b=a[1];else{a="";var c=/MSIE +([\d\.]+)/.exec(b);if(c&&c[1])if(b=/Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1])
                              2024-08-19 04:04:14 UTC1962INData Raw: 29 7b 76 61 72 20 64 3d 39 36 3b 63 3f 28 61 3d 5b 63 5d 2c 64 7c 3d 35 31 32 29 3a 61 3d 5b 5d 3b 62 26 26 28 64 3d 64 26 2d 31 36 37 36 30 38 33 33 7c 28 62 26 31 30 32 33 29 3c 3c 31 34 29 7d 65 6c 73 65 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6e 22 29 3b 64 3d 7a 28 61 29 3b 69 66 28 64 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6f 22 29 3b 69 66 28 64 26 0a 36 34 29 72 65 74 75 72 6e 20 61 3b 64 7c 3d 36 34 3b 69 66 28 63 26 26 28 64 7c 3d 35 31 32 2c 63 21 3d 3d 61 5b 30 5d 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 22 29 3b 61 3a 7b 63 3d 61 3b 76 61 72 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 69 66 28 65 29 7b 76 61 72 20 66 3d 65 2d 31 3b 69 66 28 77 61 28 63 5b 66 5d
                              Data Ascii: ){var d=96;c?(a=[c],d|=512):a=[];b&&(d=d&-16760833|(b&1023)<<14)}else{if(!Array.isArray(a))throw Error("n");d=z(a);if(d&2048)throw Error("o");if(d&64)return a;d|=64;if(c&&(d|=512,c!==a[0]))throw Error("p");a:{c=a;var e=c.length;if(e){var f=e-1;if(wa(c[f]
                              2024-08-19 04:04:14 UTC1962INData Raw: 3a 62 29 3b 69 66 28 61 3d 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 66 3d 62 5b 61 2d 31 5d 2c 68 3d 77 61 28 66 29 3b 68 3f 61 2d 2d 3a 66 3d 76 6f 69 64 20 30 3b 65 3d 2b 21 21 28 65 26 35 31 32 29 2d 31 3b 76 61 72 20 67 3d 62 3b 69 66 28 68 29 7b 62 3a 7b 76 61 72 20 6b 3d 66 3b 76 61 72 20 6c 3d 7b 7d 3b 68 3d 21 31 3b 69 66 28 6b 29 66 6f 72 28 76 61 72 20 6d 20 69 6e 20 6b 29 69 66 28 69 73 4e 61 4e 28 2b 6d 29 29 6c 5b 6d 5d 3d 6b 5b 6d 5d 3b 65 6c 73 65 7b 76 61 72 20 71 3d 6b 5b 6d 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 71 29 26 26 28 41 28 71 2c 64 2c 0a 2b 6d 29 7c 7c 76 61 28 71 29 26 26 71 2e 73 69 7a 65 3d 3d 3d 30 29 26 26 28 71 3d 6e 75 6c 6c 29 3b 71 3d 3d 6e 75 6c 6c 26 26 28 68 3d 21 30 29 3b 71 21 3d 6e 75 6c 6c 26 26 28 6c
                              Data Ascii: :b);if(a=b.length){var f=b[a-1],h=wa(f);h?a--:f=void 0;e=+!!(e&512)-1;var g=b;if(h){b:{var k=f;var l={};h=!1;if(k)for(var m in k)if(isNaN(+m))l[m]=k[m];else{var q=k[m];Array.isArray(q)&&(A(q,d,+m)||va(q)&&q.size===0)&&(q=null);q==null&&(h=!0);q!=null&&(l
                              2024-08-19 04:04:14 UTC1962INData Raw: 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 45 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 51 61 28 4e 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 0a 76 61 72 20 51 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 2c 47 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22
                              Data Ascii: n"&&typeof d.prototype[a]!="function"&&E(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Qa(Na(this))}})}return a});var Qa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a},G=function(a){var b=typeof Symbol!="
                              2024-08-19 04:04:14 UTC1962INData Raw: 28 6b 29 3b 69 66 28 21 48 28 6b 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6a 60 22 2b 6b 29 3b 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3d 6c 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 3f 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3a 76 6f 69 64 20 30 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 26 26 48 28 6b 5b 66 5d 2c 74 68 69 73 2e 67 29 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 0a 48 28 6b 2c 66 29 26 26 48 28 6b 5b 66
                              Data Ascii: (k);if(!H(k,f))throw Error("j`"+k);k[f][this.g]=l;return this};g.prototype.get=function(k){return c(k)&&H(k,f)?k[f][this.g]:void 0};g.prototype.has=function(k){return c(k)&&H(k,f)&&H(k[f],this.g)};g.prototype.delete=function(k){return c(k)&&H(k,f)&&H(k[f
                              2024-08-19 04:04:14 UTC1962INData Raw: 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 3f 6c 3d 62 2e 67 65 74 28 6b 29 3a 28 6c 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6b 2c 6c 29 29 3a 6c 3d 22 70 5f 22 2b 6b 3b 76 61 72 20 6d 3d 67 5b 30 5d 5b 6c 5d 3b 69 66 28 6d 26 26 48 28 67 5b 30 5d 2c 6c 29 29 66 6f 72 28 67 3d 30 3b 67 3c 6d 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 7b 76 61 72 20 71 3d 6d 5b 67 5d 3b 69 66 28 6b 21 3d 3d 6b 26 26 71 2e 6b 65 79 21 3d 3d 71 2e 6b 65 79 7c 7c 6b 3d 3d 3d 71 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 67 2c 6c 3a 71 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 6c 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61
                              Data Ascii: l=="function"?b.has(k)?l=b.get(k):(l=""+ ++h,b.set(k,l)):l="p_"+k;var m=g[0][l];if(m&&H(g[0],l))for(g=0;g<m.length;g++){var q=m[g];if(k!==k&&q.key!==q.key||k===q.key)return{id:l,list:m,index:g,l:q}}return{id:l,list:m,index:-1,l:void 0}},e=function(g,k){va
                              2024-08-19 04:04:14 UTC1962INData Raw: 68 3d 30 3b 68 3c 66 3b 68 2b 2b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 62 5b 68 5d 2c 68 29 29 3b 72 65 74 75 72 6e 20 65 7d 7d 29 3b 46 28 22 4e 75 6d 62 65 72 2e 69 73 4e 61 4e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 5a 61 3d 5a 61 7c 7c 7b 7d 2c 72 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 61 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 24 61 28 22 57 49 5a 5f 67 6c 6f 62 61 6c 5f 64 61 74 61 2e 6f 78 4e 33 6e 62 22 29 3b 61 3d 63 26 26 63 5b 61 5d 3b 72 65 74 75 72 6e 20 61 21 3d 6e 75 6c 6c 3f 61 3a 62 7d 2c 49 3d 72 2e 5f
                              Data Ascii: h=0;h<f;h++)e.push(c.call(d,b[h],h));return e}});F("Number.isNaN",function(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var Za=Za||{},r=this||self,ab=function(a,b){var c=$a("WIZ_global_data.oxN3nb");a=c&&c[a];return a!=null?a:b},I=r._
                              2024-08-19 04:04:14 UTC1962INData Raw: 68 2c 65 3d 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 7d 3b 76 61 72 20 63 61 3d 22 63 6f 6e 73 74 72 75 63 74 6f 72 20 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 20 69 73 50 72 6f 74 6f 74 79 70 65 4f 66 20 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 20 74 6f 4c 6f 63 61 6c 65 53 74 72 69 6e 67 20 74 6f 53 74 72 69 6e 67 20 76 61 6c 75 65 4f 66 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 76 61 72 20 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 72 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66
                              Data Ascii: h,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)};var ca="constructor hasOwnProperty isPrototypeOf propertyIsEnumerable toLocaleString toString valueOf".split(" ");var jb=function(a,b,c){c=c||r;var d=c.onerror,e=!!b;c.onerror=f
                              2024-08-19 04:04:14 UTC1962INData Raw: 65 3d 30 3b 64 26 26 65 3c 64 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 65 3e 30 26 26 63 2e 70 75 73 68 28 22 2c 20 22 29 3b 76 61 72 20 66 3d 64 5b 65 5d 3b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 66 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 66 3d 66 3f 22 6f 62 6a 65 63 74 22 3a 22 6e 75 6c 6c 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 73 74 72 69 6e 67 22 3a 62 72 65 61 6b 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 6c 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a
                              Data Ascii: e=0;d&&e<d.length;e++){e>0&&c.push(", ");var f=d[e];switch(typeof f){case "object":f=f?"object":"null";break;case "string":break;case "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=lb(f))?f:"[fn]";break;default:f=


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              16192.168.2.54978213.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:14 UTC478OUTGET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Edge-Asset-Group: ProductCategories
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:14 UTC531INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:14 GMT
                              Content-Type: application/octet-stream
                              Content-Length: 82989
                              Connection: close
                              Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                              ETag: 0x8DB5D5E89CE25EB
                              x-ms-request-id: 73256cbd-201e-003f-503c-f0dfdb000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040414Z-15c77d89844jhl6gb132cscd34000000027g000000009xq7
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 0
                              X-Cache: TCP_HIT
                              Accept-Ranges: bytes
                              2024-08-19 04:04:14 UTC15853INData Raw: 0a 22 08 f2 33 12 1d 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0d 42 65 6c 74 73 20 26 20 48 6f 73 65 73 0a 23 08 d7 2b 12 1e 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 09 41 69 72 20 50 75 6d 70 73 0a 21 08 b8 22 12 1c 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0c 42 6f 64 79 20 53 74 79 6c 69 6e 67 0a 34 08 c3 35 12 2f 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 13 53 70 69 63 65 73 20 26 20 53 65 61 73 6f 6e 69 6e 67 73 0a 27 08 a4 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 47 65 61 72 0a 21 08 f5 36 12 1c 0a 0d 4c 61 77 6e 20 26 20 47 61 72 64 65 6e 12 0b 48 79 64 72 6f 70 6f 6e 69 63 73 0a 39 08 61 12 35 0a 11 42 6f 6f 6b 73 20 26 20 4d
                              Data Ascii: "3Car & GarageBelts & Hoses#+Sports & OutdoorsAir Pumps!"Car & GarageBody Styling45/Gourmet Food & ChocolateSpices & Seasonings',"Sports & OutdoorsSleeping Gear!6Lawn & GardenHydroponics9a5Books & M
                              2024-08-19 04:04:14 UTC16384INData Raw: 41 63 63 65 73 73 6f 72 69 65 73 0a 20 08 a2 26 12 1b 0a 10 54 6f 6f 6c 73 20 26 20 48 61 72 64 77 61 72 65 12 07 54 6f 69 6c 65 74 73 0a 2c 08 f3 28 12 27 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65 73 12 0f 45 6c 65 63 74 72 69 63 20 4d 69 78 65 72 73 0a 21 08 c0 32 12 1c 0a 04 54 6f 79 73 12 14 53 61 6e 64 62 6f 78 20 26 20 42 65 61 63 68 20 54 6f 79 73 0a 35 08 a5 25 12 30 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 14 53 65 61 66 6f 6f 64 20 43 6f 6d 62 69 6e 61 74 69 6f 6e 73 0a 24 08 d7 27 12 1f 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 0b 43 61 6b 65 20 53 74 61 6e 64 73 0a 2e 08 a4 28 12 29 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65 73 12 11 4b 69 74 63 68
                              Data Ascii: Accessories &Tools & HardwareToilets,('Kitchen & HousewaresElectric Mixers!2ToysSandbox & Beach Toys5%0Gourmet Food & ChocolateSeafood Combinations$'Home FurnishingsCake Stands.()Kitchen & HousewaresKitch
                              2024-08-19 04:04:14 UTC16384INData Raw: 46 6c 6f 6f 72 20 43 61 72 65 0a 25 08 f0 2a 12 20 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 0d 50 61 70 65 72 20 50 75 6e 63 68 65 73 0a 2d 08 c1 2c 12 28 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 13 42 69 63 79 63 6c 65 20 41 63 63 65 73 73 6f 72 69 65 73 0a 22 08 a2 27 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 4e 6f 76 65 6c 74 69 65 73 0a 16 08 f3 29 12 11 0a 05 4d 75 73 69 63 12 08 45 78 65 72 63 69 73 65 0a 22 08 8e 31 12 1d 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 08 53 77 69 6d 6d 69 6e 67 0a 26 08 d4 21 12 21 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 0b 4d 61 6b 65 75 70 20 4b 69 74 73 0a 3c 08 a5 2a 12 37 0a 13 4d 75 73 69 63 61 6c 20 49 6e 73 74 72 75
                              Data Ascii: Floor Care%* Office ProductsPaper Punches-,(Sports & OutdoorsBicycle Accessories"'Home FurnishingsNovelties)MusicExercise"1Sports & OutdoorsSwimming&!!Beauty & FragranceMakeup Kits<*7Musical Instru
                              2024-08-19 04:04:14 UTC16384INData Raw: 64 65 6e 12 05 42 75 6c 62 73 0a 21 08 a3 21 12 1c 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 06 4d 61 6b 65 75 70 0a 2d 08 49 12 29 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 14 42 75 73 69 6e 65 73 73 20 26 20 45 63 6f 6e 6f 6d 69 63 73 0a 23 08 d5 23 12 1e 0a 09 43 6f 6d 70 75 74 69 6e 67 12 11 45 78 70 61 6e 73 69 6f 6e 20 4d 6f 64 75 6c 65 73 0a 2f 08 a2 24 12 2a 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 1b 43 44 20 50 6c 61 79 65 72 73 20 26 20 53 74 65 72 65 6f 20 53 79 73 74 65 6d 73 0a 1f 08 d4 26 12 1a 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 06 51 75 69 6c 74 73 0a 22 08 86 23 12 1d 0a 10 43 6c 6f 74 68 69 6e 67 20 26 20 53 68 6f 65 73 12 09 55 6e 64 65 72 77 65 61 72 0a 21 08 a5 2b 12 1c 0a
                              Data Ascii: denBulbs!!Beauty & FragranceMakeup-I)Books & MagazinesBusiness & Economics##ComputingExpansion Modules/$*ElectronicsCD Players & Stereo Systems&Home FurnishingsQuilts"#Clothing & ShoesUnderwear!+
                              2024-08-19 04:04:14 UTC16384INData Raw: 73 12 0d 53 6c 65 65 70 69 6e 67 20 42 61 67 73 0a 24 08 bd 21 12 1f 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 09 46 72 61 67 72 61 6e 63 65 0a 28 08 63 12 24 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 0f 4d 75 73 69 63 20 4d 61 67 61 7a 69 6e 65 73 0a 1e 08 8a 2b 12 19 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 06 52 75 6c 65 72 73 0a 2d 08 a9 33 12 28 0a 09 43 6f 6d 70 75 74 69 6e 67 12 1b 50 72 69 6e 74 65 72 20 50 61 72 74 73 20 26 20 41 74 74 61 63 68 6d 65 6e 74 73 0a 27 08 ef 23 12 22 0a 09 43 6f 6d 70 75 74 69 6e 67 12 15 54 68 69 6e 20 43 6c 69 65 6e 74 20 43 6f 6d 70 75 74 65 72 73 0a 37 08 bc 24 12 32 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 23 49 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 50 72 6f 64
                              Data Ascii: sSleeping Bags$!Beauty & FragranceFragrance(c$Books & MagazinesMusic Magazines+Office ProductsRulers-3(ComputingPrinter Parts & Attachments'#"ComputingThin Client Computers7$2Electronics#Installation Prod
                              2024-08-19 04:04:14 UTC1600INData Raw: 61 72 61 67 65 12 1f 53 6e 6f 77 6d 6f 62 69 6c 65 20 26 20 41 54 56 20 53 6b 69 73 20 26 20 52 75 6e 6e 65 72 73 0a 23 08 a2 21 12 1e 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 08 54 77 65 65 7a 65 72 73 0a 30 08 8e 33 12 2b 0a 0c 50 65 74 20 53 75 70 70 6c 69 65 73 12 1b 50 65 74 20 48 61 62 69 74 61 74 20 26 20 43 61 67 65 20 53 75 70 70 6c 69 65 73 0a 29 08 d4 23 12 24 0a 09 43 6f 6d 70 75 74 69 6e 67 12 17 44 69 67 69 74 61 6c 20 4d 65 64 69 61 20 52 65 63 65 69 76 65 72 73 0a 2a 08 f3 2b 12 25 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 10 42 6f 61 74 20 4d 61 69 6e 74 65 6e 61 6e 63 65 0a 22 08 d7 26 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 46 75 72 6e 69 74 75 72 65 0a 1e 08 a4 2b 12 19
                              Data Ascii: arageSnowmobile & ATV Skis & Runners#!Beauty & FragranceTweezers03+Pet SuppliesPet Habitat & Cage Supplies)#$ComputingDigital Media Receivers*+%Sports & OutdoorsBoat Maintenance"&Home FurnishingsFurniture+


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              17192.168.2.54979113.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC438OUTGET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC543INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 1579
                              Connection: close
                              Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                              ETag: 0x8DBDCB5DE99522A
                              x-ms-request-id: a6c86ee7-601e-0011-52d3-f15f1c000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844n564ch5vmt0hbn000000004p000000000daad
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              X-Cache-Info: L1_T2
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC1579INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              18192.168.2.54978713.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC431OUTGET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC543INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 1966
                              Connection: close
                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                              ETag: 0x8DBDCB5EC122A94
                              x-ms-request-id: c7138425-201e-003f-0ad3-f1dfdb000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844lpwvj5ntbmq1cg800000005800000000033re
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              X-Cache-Info: L1_T2
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC1966INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNnt*w<T:A*-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              19192.168.2.54978813.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC433OUTGET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC536INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 1751
                              Connection: close
                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                              ETag: 0x8DBCEA8D5AACC85
                              x-ms-request-id: ea5d5e89-701e-004a-7ba2-f15860000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844bhmk535uzmhuz38000000052g00000000nrtv
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 0
                              X-Cache-Info: L1_T2
                              X-Cache: TCP_HIT
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC1751INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              20192.168.2.54978913.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC433OUTGET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC543INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 1427
                              Connection: close
                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                              ETag: 0x8DBDCB5EF021F8E
                              x-ms-request-id: b9c0157d-701e-0068-27d3-f13656000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844wjss9q4wnt54wg400000005a0000000004ha2
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              X-Cache-Info: L1_T2
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC1427INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              21192.168.2.54979013.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC430OUTGET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC543INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 2008
                              Connection: close
                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                              ETag: 0x8DBC9B5C0C17219
                              x-ms-request-id: 17238eb4-b01e-0013-27a9-f15de6000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844x4cv6tct3vbzssn000000040000000000a1xa
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              X-Cache-Info: L1_T2
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC2008INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              22192.168.2.54979313.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC422OUTGET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC522INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 2229
                              Connection: close
                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                              ETag: 0x8DBD59359A9E77B
                              x-ms-request-id: 8868b4ee-201e-0052-52a2-f175f5000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844hdn28tw7kbz7eas000000064g000000006kd2
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC2229INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl


                              Session IDSource IPSource PortDestination IPDestination Port
                              23192.168.2.54979423.1.237.91443
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC2148OUTPOST /threshold/xls.aspx HTTP/1.1
                              Origin: https://www.bing.com
                              Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                              Accept: */*
                              Accept-Language: en-CH
                              Content-type: text/xml
                              X-Agent-DeviceId: 01000A410900D492
                              X-BM-CBT: 1696428841
                              X-BM-DateFormat: dd/MM/yyyy
                              X-BM-DeviceDimensions: 784x984
                              X-BM-DeviceDimensionsLogical: 784x984
                              X-BM-DeviceScale: 100
                              X-BM-DTZ: 120
                              X-BM-Market: CH
                              X-BM-Theme: 000000;0078d7
                              X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                              X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                              X-Device-isOptin: false
                              X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                              X-Device-OSSKU: 48
                              X-Device-Touch: false
                              X-DeviceID: 01000A410900D492
                              X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                              X-MSEdge-ExternalExpType: JointCoord
                              X-PositionerType: Desktop
                              X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                              X-Search-CortanaAvailableCapabilities: None
                              X-Search-SafeSearch: Moderate
                              X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                              X-UserAgeClass: Unknown
                              Accept-Encoding: gzip, deflate, br
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                              Host: www.bing.com
                              Content-Length: 2484
                              Connection: Keep-Alive
                              Cache-Control: no-cache
                              Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1724040221816&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                              2024-08-19 04:04:15 UTC1OUTData Raw: 3c
                              Data Ascii: <
                              2024-08-19 04:04:15 UTC2483OUTData Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
                              Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                              2024-08-19 04:04:15 UTC480INHTTP/1.1 204 No Content
                              Access-Control-Allow-Origin: *
                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              X-MSEdge-Ref: Ref A: EA2B1D34E4E146948D7DA15777ED5113 Ref B: LAX311000110007 Ref C: 2024-08-19T04:04:15Z
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Connection: close
                              Alt-Svc: h3=":443"; ma=93600
                              X-CDN-TraceID: 0.15ed0117.1724040255.156055ee


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              24192.168.2.54979813.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC425OUTGET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC543INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 1154
                              Connection: close
                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                              ETag: 0x8DBD5935D5B3965
                              x-ms-request-id: 6866c59b-901e-004b-3ba2-f1599d000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844sts2zsstdq8frz400000003t000000000e12p
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              X-Cache-Info: L1_T2
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC1154INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              25192.168.2.54979713.107.246.404437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:15 UTC431OUTGET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                              Host: edgeassetservice.azureedge.net
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:04:15 UTC543INHTTP/1.1 200 OK
                              Date: Mon, 19 Aug 2024 04:04:15 GMT
                              Content-Type: image/png
                              Content-Length: 1468
                              Connection: close
                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                              ETag: 0x8DBDCB5E23DFC43
                              x-ms-request-id: f8580d0a-f01e-0072-15a2-f11939000000
                              x-ms-version: 2009-09-19
                              x-ms-lease-status: unlocked
                              x-ms-blob-type: BlockBlob
                              x-azure-ref: 20240819T040415Z-15c77d89844sw96qqartrpgkmc00000004sg000000000ztd
                              Cache-Control: public, max-age=604800
                              x-fd-int-roxy-purgeid: 69316365
                              X-Cache: TCP_HIT
                              X-Cache-Info: L1_T2
                              Accept-Ranges: bytes
                              2024-08-19 04:04:15 UTC1468INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6
                              Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              26192.168.2.549801172.217.16.2064437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:16 UTC549OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Accept: */*
                              Access-Control-Request-Method: POST
                              Access-Control-Request-Headers: x-goog-authuser
                              Origin: https://accounts.google.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-08-19 04:04:16 UTC520INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                              Access-Control-Max-Age: 86400
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:16 GMT
                              Server: Playlog
                              Content-Length: 0
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              27192.168.2.549805172.217.16.2064437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:16 UTC549OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Accept: */*
                              Access-Control-Request-Method: POST
                              Access-Control-Request-Headers: x-goog-authuser
                              Origin: https://accounts.google.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-08-19 04:04:16 UTC520INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                              Access-Control-Max-Age: 86400
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:16 GMT
                              Server: Playlog
                              Content-Length: 0
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              28192.168.2.549811172.217.16.2064437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:17 UTC1132OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Content-Length: 536
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-arch: "x86"
                              Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                              sec-ch-ua-full-version: "117.0.5938.132"
                              sec-ch-ua-platform-version: "10.0.0"
                              X-Goog-AuthUser: 0
                              sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-model: ""
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept: */*
                              Origin: https://accounts.google.com
                              X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-08-19 04:04:17 UTC536OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 2d 55 53 22 2c 6e 75 6c 6c 2c 22 32 36 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 34 30 34 30 32 35 35 30 36 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e
                              Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en-US",null,"26",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1724040255064",null,null,n
                              2024-08-19 04:04:17 UTC925INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Cross-Origin-Resource-Policy: cross-origin
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web
                              Set-Cookie: NID=516=WeSzCAFaHyWH6MTW1ULeTeEEbrd665yRRjL7ssKDzonF1iwE5NKqz2kmTJf_WlHUmJ8uUofhXUuHUxQmdyJI7tzThJEO0YaMtok-6OSkqYeXBCJuoHiSHix2XTeposu1X6MRzPIohjAZxbZP8JTXXwQoOURB1QzpmCTAqPKfh_8; expires=Tue, 18-Feb-2025 04:04:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:17 GMT
                              Server: Playlog
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Expires: Mon, 19 Aug 2024 04:04:17 GMT
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-08-19 04:04:17 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                              Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                              2024-08-19 04:04:17 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              29192.168.2.549812172.217.16.2064437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:17 UTC1132OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Content-Length: 536
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-arch: "x86"
                              Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                              sec-ch-ua-full-version: "117.0.5938.132"
                              sec-ch-ua-platform-version: "10.0.0"
                              X-Goog-AuthUser: 0
                              sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-model: ""
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept: */*
                              Origin: https://accounts.google.com
                              X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-08-19 04:04:17 UTC536OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 2d 55 53 22 2c 6e 75 6c 6c 2c 22 32 36 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 34 30 34 30 32 35 35 32 31 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e
                              Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en-US",null,"26",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1724040255218",null,null,n
                              2024-08-19 04:04:17 UTC925INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Cross-Origin-Resource-Policy: cross-origin
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web
                              Set-Cookie: NID=516=WJsEYAxh4CKxa1yab-BqPxYYqhzbsUfq0OOlJfg4L8DreH_TrP_jdCh_rKTaoN4GQ5QwLWokGC0vA0AxPWXFlaoPaWmsfp1fAvyQEWDwPbEVLe1XgOBrpWXfhoG0H9zxRj3jkMOs1UHfUyPjMc39hb831hjI-8ph6UGarHTN8sk; expires=Tue, 18-Feb-2025 04:04:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:17 GMT
                              Server: Playlog
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Expires: Mon, 19 Aug 2024 04:04:17 GMT
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-08-19 04:04:17 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                              Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                              2024-08-19 04:04:17 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              30192.168.2.549813172.217.18.44437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:18 UTC1214OUTGET /favicon.ico HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-arch: "x86"
                              sec-ch-ua-full-version: "117.0.5938.132"
                              sec-ch-ua-platform-version: "10.0.0"
                              sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-model: ""
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: NID=516=WeSzCAFaHyWH6MTW1ULeTeEEbrd665yRRjL7ssKDzonF1iwE5NKqz2kmTJf_WlHUmJ8uUofhXUuHUxQmdyJI7tzThJEO0YaMtok-6OSkqYeXBCJuoHiSHix2XTeposu1X6MRzPIohjAZxbZP8JTXXwQoOURB1QzpmCTAqPKfh_8
                              2024-08-19 04:04:18 UTC705INHTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                              Content-Length: 5430
                              X-Content-Type-Options: nosniff
                              Server: sffe
                              X-XSS-Protection: 0
                              Date: Mon, 19 Aug 2024 03:20:10 GMT
                              Expires: Tue, 27 Aug 2024 03:20:10 GMT
                              Cache-Control: public, max-age=691200
                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                              Content-Type: image/x-icon
                              Vary: Accept-Encoding
                              Age: 2648
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close
                              2024-08-19 04:04:18 UTC685INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                              Data Ascii: h& ( 0.v]X:X:rY
                              2024-08-19 04:04:18 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a
                              Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
                              2024-08-19 04:04:18 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff
                              Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                              2024-08-19 04:04:18 UTC1390INData Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                              Data Ascii: BBBBBBF!4I
                              2024-08-19 04:04:18 UTC575INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                              Data Ascii: $'


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              31192.168.2.549815172.217.16.2064437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:23 UTC1298OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Content-Length: 932
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-arch: "x86"
                              Content-Type: text/plain;charset=UTF-8
                              sec-ch-ua-full-version: "117.0.5938.132"
                              sec-ch-ua-platform-version: "10.0.0"
                              X-Goog-AuthUser: 0
                              sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-model: ""
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept: */*
                              Origin: https://accounts.google.com
                              X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: NID=516=WJsEYAxh4CKxa1yab-BqPxYYqhzbsUfq0OOlJfg4L8DreH_TrP_jdCh_rKTaoN4GQ5QwLWokGC0vA0AxPWXFlaoPaWmsfp1fAvyQEWDwPbEVLe1XgOBrpWXfhoG0H9zxRj3jkMOs1UHfUyPjMc39hb831hjI-8ph6UGarHTN8sk
                              2024-08-19 04:04:23 UTC932OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 2d 55 53 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 34 30 34 30 32 35 32 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75
                              Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en-US",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1724040252000",null,null,nu
                              2024-08-19 04:04:24 UTC930INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Cross-Origin-Resource-Policy: cross-origin
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web
                              Set-Cookie: NID=516=iQWuucrPNgWV0qqN_i3ejerGO0Gp8XlfyOASeQMfKsUqwExTZv_SKZi9wAl3a9F3xsHj_Xn9OilLc-tLRYXpCvLj9HhhgUCuf7WlvWmQVY_XNotkqk4Ev6Bqd7CGpmE4Jz2H4bnIPtwt7AAQ413GOGM3hR3blW-YQ6KrcVCneX8EIvhk; expires=Tue, 18-Feb-2025 04:04:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:24 GMT
                              Server: Playlog
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Expires: Mon, 19 Aug 2024 04:04:24 GMT
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-08-19 04:04:24 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                              Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                              2024-08-19 04:04:24 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              32192.168.2.549830172.217.16.2064437180C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:46 UTC1286OUTPOST /log?hasfast=true&authuser=0&format=json HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              Content-Length: 831
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-arch: "x86"
                              sec-ch-ua-full-version: "117.0.5938.132"
                              Content-Type: text/plain;charset=UTF-8
                              sec-ch-ua-platform-version: "10.0.0"
                              sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                              sec-ch-ua-bitness: "64"
                              sec-ch-ua-model: ""
                              sec-ch-ua-wow64: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept: */*
                              Origin: https://accounts.google.com
                              X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                              Sec-Fetch-Site: same-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              Referer: https://accounts.google.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: NID=516=iQWuucrPNgWV0qqN_i3ejerGO0Gp8XlfyOASeQMfKsUqwExTZv_SKZi9wAl3a9F3xsHj_Xn9OilLc-tLRYXpCvLj9HhhgUCuf7WlvWmQVY_XNotkqk4Ev6Bqd7CGpmE4Jz2H4bnIPtwt7AAQ413GOGM3hR3blW-YQ6KrcVCneX8EIvhk
                              2024-08-19 04:04:46 UTC831OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 2d 55 53 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 30 38 31 33 2e 30 31 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c
                              Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en-US",null,"boq_identityfrontendauthuiserver_20240813.01_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,
                              2024-08-19 04:04:47 UTC523INHTTP/1.1 200 OK
                              Access-Control-Allow-Origin: https://accounts.google.com
                              Cross-Origin-Resource-Policy: cross-origin
                              Access-Control-Allow-Credentials: true
                              Access-Control-Allow-Headers: X-Playlog-Web
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 19 Aug 2024 04:04:47 GMT
                              Server: Playlog
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-08-19 04:04:47 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                              Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                              2024-08-19 04:04:47 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              33192.168.2.54983113.85.23.86443
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:04:52 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MuD1rYhrSPNGDFc&MD=5SBWp2YX HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              Host: slscr.update.microsoft.com
                              2024-08-19 04:04:52 UTC560INHTTP/1.1 200 OK
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Content-Type: application/octet-stream
                              Expires: -1
                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                              MS-CorrelationId: 434a5613-b95a-4ba7-b664-b2017eb5e8c2
                              MS-RequestId: 9878f2a8-a938-4958-a80d-96c1f2692cfa
                              MS-CV: 4EnCqrnlbEOkyhMJ.0
                              X-Microsoft-SLSClientCache: 1440
                              Content-Disposition: attachment; filename=environment.cab
                              X-Content-Type-Options: nosniff
                              Date: Mon, 19 Aug 2024 04:04:51 GMT
                              Connection: close
                              Content-Length: 30005
                              2024-08-19 04:04:52 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                              Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                              2024-08-19 04:04:52 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                              Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              34192.168.2.54983423.219.161.1324437944C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              TimestampBytes transferredDirectionData
                              2024-08-19 04:05:04 UTC442OUTOPTIONS /api/report?cat=bingbusiness HTTP/1.1
                              Host: bzib.nelreports.net
                              Connection: keep-alive
                              Origin: https://business.bing.com
                              Access-Control-Request-Method: POST
                              Access-Control-Request-Headers: content-type
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                              2024-08-19 04:05:04 UTC351INHTTP/1.1 403 Forbidden
                              Content-Length: 2342
                              Content-Type: text/html
                              Date: Mon, 19 Aug 2024 04:05:04 GMT
                              Connection: close
                              PMUSER_FORMAT_QS:
                              X-CDN-TraceId: 0.84112317.1724040304.de0035c
                              Access-Control-Allow-Credentials: false
                              Access-Control-Allow-Methods: *
                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                              Access-Control-Allow-Origin: *
                              2024-08-19 04:05:04 UTC1938INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 20 41 70 70 20 2d 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 68 74 6d 6c 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 23 66 65 61 74 75 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 36 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 39 35
                              Data Ascii: <!DOCTYPE html><html><head> <title>Web App - Unavailable</title> <style type="text/css"> html { height: 100%; width: 100%; } #feature { width: 960px; margin: 95
                              2024-08-19 04:05:04 UTC404INData Raw: 74 20 61 67 61 69 6e 20 73 6f 6f 6e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 69 64 3d 22 74 6f 41 64 6d 69 6e 22 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 77 65 62 20 61 70 70 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2c 20 70 6c 65 61 73 65 20 66 69 6e 64 20 74 68 65 20 63 6f 6d 6d 6f 6e 20 34 30 33 20 65 72 72 6f 72 20 73 63 65 6e 61 72 69 6f 73 20 61 6e 64 20 72 65 73 6f 6c 75 74 69 6f 6e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6f 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 77 6c 69 6e 6b 2f 3f 6c 69 6e 6b 69 64 3d 32 30 39 35 30 30 37 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 68 65 72 65 3c 2f 61 3e 2e 20 46 6f 72 20 66 75 72 74 68 65 72 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74
                              Data Ascii: t again soon.</p> <p id="toAdmin">If you are the web app administrator, please find the common 403 error scenarios and resolution <a href="https://go.microsoft.com/fwlink/?linkid=2095007" target="_blank">here</a>. For further troubleshoot


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:00:03:53
                              Start date:19/08/2024
                              Path:C:\Users\user\Desktop\file.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\file.exe"
                              Imagebase:0x400000
                              File size:91'648 bytes
                              MD5 hash:8814875DEE846A623F322B36DC7BBC62
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:1
                              Start time:00:03:53
                              Start date:19/08/2024
                              Path:C:\Windows\System32\cmd.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\A65C.tmp\A65D.tmp\A65E.bat C:\Users\user\Desktop\file.exe"
                              Imagebase:0x7ff689cc0000
                              File size:289'792 bytes
                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:2
                              Start time:00:03:53
                              Start date:19/08/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff6d64d0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:3
                              Start time:00:03:53
                              Start date:19/08/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
                              Imagebase:0x7ff715980000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              General

                              Target ID:4
                              Start time:00:03:53
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:true

                              General

                              Target ID:5
                              Start time:00:03:53
                              Start date:19/08/2024
                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
                              Imagebase:0x7ff79f9e0000
                              File size:676'768 bytes
                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:8
                              Start time:00:03:54
                              Start date:19/08/2024
                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                              Imagebase:0x7ff79f9e0000
                              File size:676'768 bytes
                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:9
                              Start time:00:03:54
                              Start date:19/08/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8
                              Imagebase:0x7ff715980000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              General

                              Target ID:10
                              Start time:00:03:54
                              Start date:19/08/2024
                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                              Imagebase:0x7ff79f9e0000
                              File size:676'768 bytes
                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              General

                              Target ID:11
                              Start time:00:03:56
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2236,i,18085970336854913923,8612264065574111003,262144 /prefetch:3
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:true

                              General

                              Target ID:12
                              Start time:00:03:57
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:false

                              General

                              Target ID:13
                              Start time:00:03:57
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:3
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:false

                              General

                              Target ID:14
                              Start time:00:04:01
                              Start date:19/08/2024
                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a65a33-d26c-4859-a37a-7257b27f6008} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc6eb10 socket
                              Imagebase:0x7ff79f9e0000
                              File size:676'768 bytes
                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              General

                              Target ID:18
                              Start time:00:04:05
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6896 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:19
                              Start time:00:04:05
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7064 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:20
                              Start time:00:04:07
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7864 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:false

                              General

                              Target ID:21
                              Start time:00:04:07
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8012 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:22
                              Start time:00:04:09
                              Start date:19/08/2024
                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 4136 -prefMapHandle 4148 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5530a7-4b89-4500-a48d-c51bf34f8c75} 7252 "\\.\pipe\gecko-crash-server-pipe.7252" 1d2ebc88e10 rdd
                              Imagebase:0x7ff79f9e0000
                              File size:676'768 bytes
                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:false

                              General

                              Target ID:24
                              Start time:00:04:12
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6704 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:26
                              Start time:00:04:14
                              Start date:19/08/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8
                              Imagebase:0x7ff715980000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:false

                              General

                              Target ID:27
                              Start time:00:04:15
                              Start date:19/08/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=2268,i,8734261815983020632,9576834347064619451,262144 /prefetch:8
                              Imagebase:0x7ff715980000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:29
                              Start time:00:04:57
                              Start date:19/08/2024
                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8696 --field-trial-handle=2044,i,6142918091707083377,14404548853907831403,262144 /prefetch:8
                              Imagebase:0x7ff6c1cf0000
                              File size:4'210'216 bytes
                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:false

                              Disassembly

                              Reset < >